From 6921c8d8b6cee61429a45797d26ff2deea22ddf5 Mon Sep 17 00:00:00 2001 From: Nolan Brubaker Date: Tue, 29 Oct 2024 16:08:52 -0400 Subject: [PATCH] UPSTREAM: : Regenerate manifests to include ASO Signed-off-by: Nolan Brubaker --- config/default/kustomization.yaml | 3 + .../infrastructure-components-openshift.yaml | 83504 ++++++++++++++- openshift/infrastructure-components.yaml | 84095 +++++++++++++++- openshift/kustomization.yaml | 2 +- ...luster-api_04_cm.infrastructure-azure.yaml | 11131 +- openshift/patches/aso-disable-crds.yaml | 18 + openshift/patches/disable-aso.yaml | 6 - openshift/patches/turn-off-aso-api.yaml | 16 - .../typed/storagemigration/v1alpha1/doc.go | 14 + .../cluster-api/exp/ipam/api/v1beta1/doc.go | 12 + 10 files changed, 167315 insertions(+), 11486 deletions(-) create mode 100644 openshift/patches/aso-disable-crds.yaml delete mode 100644 openshift/patches/disable-aso.yaml delete mode 100644 openshift/patches/turn-off-aso-api.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 6eeabab6331..72aa0a9db71 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -3,6 +3,9 @@ kind: Kustomization resources: - ../capz +components: +- ../aso + replacements: - source: fieldPath: spec.template.spec.containers.[name=manager].image diff --git a/openshift/infrastructure-components-openshift.yaml b/openshift/infrastructure-components-openshift.yaml index 065c258cd3b..635965b9848 100644 --- a/openshift/infrastructure-components-openshift.yaml +++ b/openshift/infrastructure-components-openshift.yaml 
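Review bot: The new `components:` / `- ../aso` entry in config/default/kustomization.yaml has no comment saying what it pulls in, and the regenerated manifests later in this patch show the effect is broad: the manager's `--feature-gates` argument changes from `ASOAPI=false` to `ASOAPI=${EXP_ASO_API:=true}`, and a ClusterRole `azureserviceoperator-manager-role` is added with create/delete/get/list/patch/update/watch on core `secrets` and `configmaps`. Because it is a ClusterRole, those verbs apply in every namespace if it is bound by a ClusterRoleBinding; the binding is not visible in this part of the patch, so please confirm the scope and consider a Role limited to `openshift-cluster-api` if ASO only needs credentials there. I would add a comment above the entry such as `# Pulls in Azure Service Operator (CRDs, controller, RBAC incl. Secret access); ASOAPI defaults to on via EXP_ASO_API.` The diffstat also deletes `openshift/patches/turn-off-aso-api.yaml` and `openshift/patches/disable-aso.yaml`, which presumably is what flips the default, so the commit message should say that enabling ASO by default is intended and not a side effect of regeneration.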
@@ -10589,7 +10589,7 @@ spec: - --leader-elect - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=false + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=${EXP_ASO_API:=true} - --v=0 env: - name: AZURE_SUBSCRIPTION_ID 
@@ -11088,6 +11088,83508 @@ spec: selector: cluster.x-k8s.io/provider: infrastructure-azure --- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + app.kubernetes.io/name: azure-service-operator + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-default + namespace: openshift-cluster-api +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-leader-election-role + namespace: openshift-cluster-api +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + 
cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-crd-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - alertsmanagement.azure.com + resources: + - prometheusrulegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - alertsmanagement.azure.com + resources: + - prometheusrulegroups/finalizers + - prometheusrulegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apis + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationproviders/finalizers + - authorizationproviders/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizations/finalizers + - authorizationprovidersauthorizations/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizationsaccesspolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizationsaccesspolicies/finalizers + - authorizationprovidersauthorizationsaccesspolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + 
- get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - productapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - productapis/finalizers + - productapis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - productpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - productpolicies/finalizers + - productpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: 
+ - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roledefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roledefinitions/finalizers + - roledefinitions/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + 
verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdcustomdomains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdcustomdomains/finalizers + - afdcustomdomains/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdendpoints/finalizers + - afdendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdorigingroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - 
afdorigingroups/finalizers + - afdorigingroups/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdorigins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdorigins/finalizers + - afdorigins/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - routes/finalizers + - routes/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - rules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - rules/finalizers + - rules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - rulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - rulesets/finalizers + - rulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - secrets/finalizers + - secrets/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: 
+ - securitypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - securitypolicies/finalizers + - securitypolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + 
resources: + - virtualmachinescalesetsextensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesetsextensions/finalizers + - virtualmachinescalesetsextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinesextensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinesextensions/finalizers + - virtualmachinesextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - 
backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackupinstances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackupinstances/finalizers + - backupvaultsbackupinstances/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - 
flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - 
patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + 
resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - 
eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - 
namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - 
scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - 
workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - monitor.azure.com + resources: + - accounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitor.azure.com + resources: + - accounts/finalizers + - accounts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + 
resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + 
resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status 
+ verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- 
apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - network.frontdoor.azure.com + resources: + - webapplicationfirewallpolicies + verbs: + - create + - delete + - get + - list + - 
patch + - update + - watch +- apiGroups: + - network.frontdoor.azure.com + resources: + - webapplicationfirewallpolicies/finalizers + - webapplicationfirewallpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get 
+ - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + 
- list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - 
patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - 
serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - 
serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + 
creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-leader-election-rolebinding + namespace: openshift-cluster-api +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: openshift-cluster-api +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-crd-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: openshift-cluster-api +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: openshift-cluster-api +--- +apiVersion: rbac.authorization.k8s.io/v1 
+kind: ClusterRoleBinding +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: openshift-cluster-api +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: openshift-cluster-api +spec: + ports: + - name: metrics + port: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/serving-cert-secret-name: webhook-server-cert + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + 
clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: openshift-cluster-api +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' + creationTimestamp: null + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-management=none + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: azure_client_id + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: azure_client_secret + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: azure_tenant_id + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: azure_subscription_id + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: 
AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: AZURE_USER_AGENT_SUFFIX + valueFrom: + secretKeyRef: + key: AZURE_USER_AGENT_SUFFIX + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: to.be/replaced:v99 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8443 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: 
azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +status: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-alertsmanagement-azure-com-v1api20230301-prometheusrulegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230301.prometheusrulegroups.alertsmanagement.azure.com + rules: + - apiGroups: + - alertsmanagement.azure.com + apiVersions: + - v1api20230301 + operations: + - CREATE + - UPDATE + resources: + - prometheusrulegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + 
- CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + 
resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-productapi + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - 
authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-namedvalue + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20230501preview.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-productapi + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-productpolicy + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-apimanagement-azure-com-v1api20230501preview-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-authorization-azure-com-v1api20220401-roledefinition + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roledefinitions.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roledefinitions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: openshift-cluster-api + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail 
+ matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + 
rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + 
apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-afdcustomdomain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdcustomdomains.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdcustomdomains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-afdendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdendpoints + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-afdorigingroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdorigingroups.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigingroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-afdorigin + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdorigins.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigins + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-route + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.routes.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - routes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-rule + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20230501.rules.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-ruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.rulesets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-secret + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.secrets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-cdn-azure-com-v1api20230501-securitypolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.securitypolicies.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - securitypolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + 
resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - 
virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20201201-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220301-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None 
+- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + 
- managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - 
apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20231001-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20231102preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231102preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20231102preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231102preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20240402preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20240402preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE 
+ resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-containerservice-azure-com-v1api20240402preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + 
apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dataprotection-azure-com-v1api20231101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dataprotection-azure-com-v1api20231101-backupvaultsbackupinstance + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaultsbackupinstances.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackupinstances + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dataprotection-azure-com-v1api20231101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-dbformysql-azure-com-v1api20230630-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview 
+ operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + 
name: default.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - 
mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + 
path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-documentdb-azure-com-v1api20231115-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20231115.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - 
eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: 
+ - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - 
insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20220615-webtest + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - 
UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + 
rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-monitor-azure-com-v1api20230403-account + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230403.accounts.monitor.azure.com + rules: + - apiGroups: + - monitor.azure.com + apiVersions: + - v1api20230403 + operations: + - CREATE + - UPDATE + resources: + - accounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-frontdoor-azure-com-v1api20220501-webapplicationfirewallpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220501.webapplicationfirewallpolicies.network.frontdoor.azure.com + rules: + - apiGroups: + - network.frontdoor.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - webapplicationfirewallpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
openshift-cluster-api + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - 
trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + 
resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - 
UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - 
UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - 
servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - 
v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-sql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - 
storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - 
apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/mutate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-alertsmanagement-azure-com-v1api20230301-prometheusrulegroup + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20230301.prometheusrulegroups.alertsmanagement.azure.com + rules: + - apiGroups: + - alertsmanagement.azure.com + apiVersions: + - v1api20230301 + operations: + - CREATE + - UPDATE + resources: + - prometheusrulegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-productapi + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - 
v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - 
apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230501preview.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-productapi + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-service + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-apimanagement-azure-com-v1api20230501preview-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-authorization-azure-com-v1api20220401-roledefinition + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roledefinitions.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roledefinitions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: 
Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - 
cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + 
resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-afdcustomdomain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdcustomdomains.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdcustomdomains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-afdendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-afdorigingroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdorigingroups.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigingroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-afdorigin + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdorigins.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigins + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-route + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.routes.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - routes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-rule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.rules.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-ruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.rulesets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-secret + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230501.secrets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-cdn-azure-com-v1api20230501-securitypolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.securitypolicies.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - securitypolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: 
+ - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20201201-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20201201-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - 
v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220301-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - 
UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220301-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - 
v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20231001-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20231102preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231102preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20231102preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231102preview.managedclustersagentpools.containerservice.azure.com + rules: + - 
apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20240402preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20240402preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-containerservice-azure-com-v1api20240402preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dataprotection-azure-com-v1api20231101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + 
path: /validate-dataprotection-azure-com-v1api20231101-backupvaultsbackupinstance + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaultsbackupinstances.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackupinstances + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dataprotection-azure-com-v1api20231101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - 
flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + 
- CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + 
operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversdatabase + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: 
Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - 
sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + 
- apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20231115.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-documentdb-azure-com-v1api20231115-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: 
+ - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-documentdb-azure-com-v1api20231115-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - 
UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - 
v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - 
CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - 
scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20220615-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + 
rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-monitor-azure-com-v1api20230403-account + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230403.accounts.monitor.azure.com + rules: + - apiGroups: + - monitor.azure.com + apiVersions: + - v1api20230403 + operations: + - CREATE + - UPDATE + resources: + - accounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-frontdoor-azure-com-v1api20220501-webapplicationfirewallpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.webapplicationfirewallpolicies.network.frontdoor.azure.com + rules: + - apiGroups: + - network.frontdoor.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - webapplicationfirewallpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord 
+ failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + 
operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 
+ operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 
+ operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - 
operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - 
servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - 
UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - 
UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + 
apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: 
+ name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - 
v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-sql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - 
UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - 
storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: 
/validate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + 
- v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - 
v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: openshift-cluster-api + path: /validate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: bastionhosts.network.azure.com +spec: + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' 
+ type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation + method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion + host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' 
+ properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.BastionHost + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.BastionHostIPConfiguration + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: |- + Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: |- + Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: |- + Storage version of v1api20220701.Sku + The sku of this Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.BastionHost_STATUS + Bastion Host resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.BastionHostIPConfiguration_STATUS + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: |- + Storage version of v1api20220701.Sku_STATUS + The sku of this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: extensions.kubernetesconfiguration.azure.com +spec: + group: kubernetesconfiguration.azure.com + names: + kind: Extension + listKind: ExtensionList + plural: extensions + singular: extension + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: 
v1api20230501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + - UserAssigned + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + configurationProtectedSettings: + description: |- + ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this + extension. 
+ properties: + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - name + type: object + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + extensionType: + description: |- + ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension publisher. + type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + type: string + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an + extension resource, which means that any other Azure resource can be its owner. 
+ properties: + armId: + description: Ownership across namespaces is not supported. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' + type: string + product: + description: |- + Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding. + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' + type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' + type: string + required: + - name + - product + - publisher + type: object + releaseTrain: + description: |- + ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if + autoUpgradeMinorVersion is 'true'. + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: |- + ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. 
If this + namespace does not exist, it will be created + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: |- + TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace + does not exist, it will be created + type: string + type: object + type: object + systemData: + description: |- + SystemData: Top level metadata + https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + enum: + - Application + - Key + - ManagedIdentity + - User + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + enum: + - Application + - Key + - ManagedIdentity + - User + type: string + type: object + version: + description: |- + Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion + must be 'false'. + type: string + required: + - owner + type: object + status: + description: The Extension object. + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' 
+ type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationProtectedSettings: + additionalProperties: + type: string + description: |- + ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this + extension. + type: object + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + currentVersion: + description: 'CurrentVersion: Currently installed version of the extension.' + type: string + customLocationSettings: + additionalProperties: + type: string + description: 'CustomLocationSettings: Custom Location settings properties.' + type: object + errorInfo: + description: 'ErrorInfo: Error information from the Agent - e.g. errors + during installation.' + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' + items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional + info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' 
+ type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + extensionType: + description: |- + ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension publisher. + type: string + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' + type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + isSystemExtension: + description: 'IsSystemExtension: Flag to note if this extension is + a system extension' + type: boolean + name: + description: 'Name: The name of the resource' + type: string + packageUri: + description: 'PackageUri: Uri of the Helm package' + type: string + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' + type: string + product: + description: |- + Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding. + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' 
+ type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' + type: string + type: object + provisioningState: + description: 'ProvisioningState: Status of installation of this extension.' + type: string + releaseTrain: + description: |- + ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if + autoUpgradeMinorVersion is 'true'. + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: |- + ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this + namespace does not exist, it will be created + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: |- + TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace + does not exist, it will be created + type: string + type: object + type: object + statuses: + description: 'Statuses: Status from this extension.' + items: + description: Status from the extension. + properties: + code: + description: 'Code: Status code provided by the Extension' + type: string + displayStatus: + description: 'DisplayStatus: Short description of status of + the extension.' + type: string + level: + description: 'Level: Level of the status.' + type: string + message: + description: 'Message: Detailed message of the status from the + Extension.' + type: string + time: + description: 'Time: DateLiteral (per ISO8601) noting the time + of installation status.' 
+ type: string + type: object + type: array + systemData: + description: |- + SystemData: Top level metadata + https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + version: + description: |- + Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion + must be 'false'. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230501.Extension + Generator information: + - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230501.Extension_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + configurationProtectedSettings: + description: |- + SecretMapReference is a reference to a Kubernetes secret in the same namespace as + the resource it is on. + properties: + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - name + type: object + configurationSettings: + additionalProperties: + type: string + type: object + extensionType: + type: string + identity: + description: |- + Storage version of v1api20230501.Identity + Identity for the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + operatorSpec: + description: |- + Storage version of v1api20230501.ExtensionOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230501.ExtensionOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. This resource is an + extension resource, which means that any other Azure resource can be its owner. + properties: + armId: + description: Ownership across namespaces is not supported. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: |- + Storage version of v1api20230501.Plan + Plan for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + releaseTrain: + type: string + scope: + description: |- + Storage version of v1api20230501.Scope + Scope of the extension. It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + cluster: + description: |- + Storage version of v1api20230501.ScopeCluster + Specifies that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: |- + Storage version of v1api20230501.ScopeNamespace + Specifies that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + systemData: + description: |- + Storage version of v1api20230501.SystemData + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + version: + type: string + required: + - owner + type: object + status: + description: |- + Storage version of v1api20230501.Extension_STATUS + The Extension object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationProtectedSettings: + additionalProperties: + type: string + type: object + configurationSettings: + additionalProperties: + type: string + type: object + currentVersion: + type: string + customLocationSettings: + additionalProperties: + type: string + type: object + errorInfo: + description: |- + Storage version of v1api20230501.ErrorDetail_STATUS + The error detail. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20230501.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + extensionType: + type: string + id: + type: string + identity: + description: |- + Storage version of v1api20230501.Identity_STATUS + Identity for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + isSystemExtension: + type: boolean + name: + type: string + packageUri: + type: string + plan: + description: |- + Storage version of v1api20230501.Plan_STATUS + Plan for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + provisioningState: + type: string + releaseTrain: + type: string + scope: + description: |- + Storage version of v1api20230501.Scope_STATUS + Scope of the extension. It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + cluster: + description: |- + Storage version of v1api20230501.ScopeCluster_STATUS + Specifies that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: |- + Storage version of v1api20230501.ScopeNamespace_STATUS + Specifies that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + statuses: + items: + description: |- + Storage version of v1api20230501.ExtensionStatus_STATUS + Status from the extension. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + displayStatus: + type: string + level: + type: string + message: + type: string + time: + type: string + type: object + type: array + systemData: + description: |- + Storage version of v1api20230501.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: fleetsmembers.containerservice.azure.com +spec: + group: containerservice.azure.com + names: + kind: FleetsMember + listKind: FleetsMemberList + plural: fleetsmembers + singular: fleetsmember + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/Fleet resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: |- + ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. 
e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: |- + ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. + Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in + the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header + fields. + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + type: string + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230315preview.FleetsMember + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230315preview.Fleets_Member_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/Fleet resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20230315preview.Fleets_Member_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + systemData: + description: |- + Storage version of v1api20230315preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: managedclusters.containerservice.azure.com +spec: + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: 
string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' 
+ type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. 
+ type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. 
See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' 
+ type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' 
+ type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' 
+ type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' 
+ type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. 
Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
+ type: boolean + diskEncryptionSetIDReference: + description: |- + DiskEncryptionSetIDReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set + for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. 
+ pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be + in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' 
+ enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Basic + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) for + more details. + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' 
+ properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. 
Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
+ type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. 
For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. 
No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. 
This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. 
This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set + for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' 
+ items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. 
All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. 
+ type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be + in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. 
See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' 
+ type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) for + more details. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20210501.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a 
string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + 
type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: |- + DiskEncryptionSetIDReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20210501.ExtendedLocation + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: |- + Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: |- + Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: |- + Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20210501.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20210501.ManagedCluster_STATUS + Managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: |- + Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: 
string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: |- + Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: |- + Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. 
Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. 
Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. 
+ properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. 
If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' 
+ type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
+ type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 
+ type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' 
+ type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. 
+ Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this field will contain the full + version being used. + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). 
PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' 
+ type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. 
+ type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' 
+ properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' 
+ type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' 
+ type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230201.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string 
of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20230201.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20230201.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20230201.ManagedCluster_STATUS + Managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: |- + Storage version of v1api20230201.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. 
The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. 
+ maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: |- + Level: The guardrails level to be used. 
By default, Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: |- + DnsZoneResourceReference: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing + is enabled. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). 
The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' 
+ properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. 
+ properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. 
For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' 
+ type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: |- + UpdateMode: Each update mode level is a superset of the lower levels. Off, this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
+ type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' 
+ items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. 
When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. 
The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' 
+ type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. 
+ type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: |- + Level: The guardrails level to be used. By default, Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' 
+ type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: |- + DnsZoneResourceId: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing is + enabled. + type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. 
+ type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' 
+ properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' 
+ type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' 
+ type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
+ properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. 
When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. 
+ type: string + type: array + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. 
+ type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: |- + UpdateMode: Each update mode level is a superset of the lower levels. Off (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. 
If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. 
No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' 
+ type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' 
+ pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. 
See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. 
Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. 
+ The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. 
When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' 
+ properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. 
Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. 
Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 
+ type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. 
Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. 
Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. 
If kubernetesVersion was , this field will contain the full + version being used. + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' 
+ type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' 
+ type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. 
+ type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' 
+ properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' 
+ type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' 
+ properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. 
+ type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' 
+ type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' 
+ properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231001.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231001.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20231001.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231001.ServiceMeshProfile + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20231001.ManagedClusterSKU + The SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20231001.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: 
object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + 
description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. 
See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + securityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231001.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20231001.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. 
+ type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale + the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + maximum: 1000 + minimum: 0 + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. 
updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. 
Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + logs: + description: |- + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. 
See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log + Collection is enabled or not for Azure Monitor Container + Insights Logs Addon.' 
+ type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. 
+ properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. 
Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. 
+ pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' 
+ type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. 
See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring + plugin on the cluster' + type: boolean + type: object + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' 
+ properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. 
By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. 
+ properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. 
For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. 
+ type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' 
+ items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. 
GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. 
It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' 
+ type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale + the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' 
+ type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' 
+ type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + logs: + description: |- + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' 
+ type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log + Collection is enabled or not for Azure Monitor Container + Insights Logs Addon.' + type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. 
+ type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. 
+ properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. 
All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. 
+ type: boolean + type: object + type: object + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' 
+ type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. 
+ type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring + plugin on the cluster' + type: boolean + type: object + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. 
+ items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. 
See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' 
+ type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' 
+ properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' 
+ properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. 
Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' 
+ type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' 
+ type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". 
+ Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' 
+ type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231102preview.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231102preview.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231102preview.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile + The security settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. 
It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: 
+ type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + metrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231102preview.ExtendedLocation + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20231102preview.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231102preview.DelegatedResource + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + networkProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for 
properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + natGatewayProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20231102preview.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. 
+ The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20231102preview.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231102preview.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231102preview.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231102preview.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231102preview.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231102preview.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231102preview.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioEgressGateway + Istio egress gateway configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20231102preview.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20231102preview.ClusterUpgradeSettings + Settings for upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231102preview.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231102preview.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20231102preview.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + metrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231102preview.ExtendedLocation_STATUS + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveNoProxy: + items: + type: string + type: array + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231102preview.DelegatedResource_STATUS + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an 
unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring_STATUS + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + natGatewayProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20231102preview.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile_STATUS + The Safeguards profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231102preview.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231102preview.IstioServiceMesh_STATUS + Istio service mesh configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231102preview.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20231102preview.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20231102preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ maximum: 31 + minimum: 28 + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' 
+ type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of + nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of + nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. 
+ items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. 
Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. 
For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' 
+ type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. 
Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry logs and traces. If not specified, the default + port is 28331.' + type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry metrics. If not specified, the default port + is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, + the default port is 28330.' 
+ type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are + downloaded from.' + enum: + - Cache + - Direct + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
+ type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kind: + description: 'Kind: This is primarily used to expose different UI + experiences in the portal for different kinds' + type: string + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. 
+ type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable + advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced + Networking observability functionalities on clusters.' + type: boolean + type: object + type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. 
+ pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' 
+ type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The + health probing behavior for External Traffic Policy Cluster + services.' + enum: + - ServiceNodePort + - Shared + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + enum: + - IMDS + - None + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway + addon is enabled or not.' + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' 
+ properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. 
If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' 
+ items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' 
+ items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. 
For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' 
+ type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Automatic + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. 
See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' 
+ properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' 
+ type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. 
+ type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. 
+ type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. 
In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 
+ type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of + nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of + nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. 
due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' 
+ type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' 
+ type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry logs and traces. If not specified, the default + port is 28331.' 
+ type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry metrics. If not specified, the default port + is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + syslogPort: + description: 'SyslogPort: The syslog host port. 
If not specified, + the default port is 28330.' + type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are + downloaded from.' + type: string + containerRegistryId: + description: |- + ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium + SKU and zone redundancy. + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' 
+ type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' 
+ properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' 
+ type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' 
+ type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kind: + description: 'Kind: This is primarily used to expose different UI + experiences in the portal for different kinds' + type: string + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. 
+ type: boolean + type: object + type: object + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable + advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced + Networking observability functionalities on clusters.' + type: boolean + type: object + type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). 
+ type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The + health probing behavior for External Traffic Policy Cluster + services.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway + addon is enabled or not.' + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' 
+ type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' 
+ type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' 
+ type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' 
+ type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' 
+ type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. 
This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. 
+ type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240402preview.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240402preview.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20240402preview.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. 
It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: 
+ type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. 
The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20240402preview.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20240402preview.DelegatedResource + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object + kind: + type: string + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20240402preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + networkProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability + Observability profile to enable advanced network metrics and flow logs with historical contexts. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + podLinkLocalAccess: + type: string + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile + The Static Egress Gateway addon configuration for the cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20240402preview.ManagedClusterOperatorSpec + Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfile + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20240402preview.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20240402preview.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU + The SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20240402preview.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + eTag: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS + Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of 
stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryId: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + eTag: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation_STATUS + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveNoProxy: + items: + type: string + type: array + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20240402preview.DelegatedResource_STATUS + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + kind: + type: string + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + 
description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for 
full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + podLinkLocalAccess: + type: string + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS + The Static Egress Gateway addon configuration for the cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile_STATUS + The Safeguards profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh_STATUS + Istio service mesh configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20240402preview.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20240402preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: managedclustersagentpools.containerservice.azure.com +spec: + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: 
managedclustersagentpools + singular: managedclustersagentpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. 
This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. 
Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
+ type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' 
+ type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. 
Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is Running + or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20210501.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned 
schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. 
+ enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
+ enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230201.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. 
+ type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. 
If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. 
It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. 
The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. 
If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20230202preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20230202preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + 
type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. 
+ type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' 
+ properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. 
+ properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. 
The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' 
+ type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' 
+ properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' 
+ type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231001.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + 
maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' 
+ properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. 
+ type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' 
+ type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' 
+ enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. 
This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. 
When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' 
+ properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines + agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + maximum: 1000 + minimum: 0 + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. 
GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. 
It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' 
+ type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' 
+ type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines + agent pool to a fixed size.' + items: + description: Specifications on number of machines. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231102preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231102preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231102preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + 
type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. 
Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ maximum: 31 + minimum: 28 + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. 
+ enum: + - DynamicIndividual + - StaticBlock + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes + of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes + of the specified sizes.' 
+ type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. 
If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
+ type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' 
+ type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes + of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes + of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. 
['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. 
Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240402preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240402preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIPAllocationMode: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20240402preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + eTag: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: natgateways.network.azure.com +spec: + group: 
network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' 
+ type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' 
+ items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' + type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.NatGateway + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: |- + Storage version of v1api20220701.NatGatewaySku + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.NatGateway_STATUS + Nat Gateway resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: |- + Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + 
service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: privateendpoints.network.azure.com +spec: + group: network.azure.com + names: + kind: PrivateEndpoint + listKind: PrivateEndpointList + plural: privateendpoints + singular: privateendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + type: object + ipConfigurations: + description: |- + IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party + Service's endpoints. + items: + description: An IP Configuration of the private endpoint. + properties: + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: |- + ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when + the network admin does not have access to approve connections to the remote resource. + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. 
+ properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: object + type: array + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' 
+ properties: + primaryNicPrivateIpAddress: + description: |- + PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no + config map will be created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. 
+ properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: object + type: array + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Private endpoint resource. + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + description: 'CustomDnsConfigs: An array of custom dns configurations.' + items: + description: Contains custom Dns resolution configuration from customer. + properties: + fqdn: + description: 'Fqdn: Fqdn that resolves to private endpoint ip + address.' + type: string + ipAddresses: + description: 'IpAddresses: A list of private ip addresses of + the private endpoint.' + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' 
+ type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: |- + IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party + Service's endpoints. + items: + description: An IP Configuration of the private endpoint. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: |- + ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when + the network admin does not have access to approve connections to the remote resource. + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' 
+ type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + name: + description: 'Name: Resource name.' + type: string + networkInterfaces: + description: 'NetworkInterfaces: An array of references to the network + interfaces created for this private endpoint.' + items: + description: A network interface in a resource group. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the private + endpoint resource.' + type: string + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.PrivateEndpoint + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.PrivateEndpoint_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: |- + Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + customNetworkInterfaceName: + type: string + extendedLocation: + description: |- + Storage version of v1api20220701.ExtendedLocation + ExtendedLocation complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.PrivateEndpointIPConfiguration + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requestMessage: + type: string + type: object + type: array + operatorSpec: + description: |- + Storage version of v1api20220701.PrivateEndpointOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20220701.PrivateEndpointOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + primaryNicPrivateIpAddress: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + subnet: + description: |- + Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Private endpoint resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: |- + Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. 
+ Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + items: + description: |- + Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS + Contains custom Dns resolution configuration from customer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fqdn: + type: string + ipAddresses: + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + type: string + etag: + type: string + extendedLocation: + description: |- + Storage version of v1api20220701.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + name: + type: string + networkInterfaces: + items: + description: |- + Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded + A network interface in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + provisioningState: + type: string + subnet: + description: |- + Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + 
visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: resourcegroups.resources.azure.com +spec: + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. 
+ maxLength: 90 + minLength: 1 + type: string + location: + description: |- + Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be + one of the supported Azure locations. + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: |- + Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be + one of the supported Azure locations. + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20200601.ResourceGroup + Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. 
This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: |- + Storage version of v1api20200601.ResourceGroup_STATUS + Resource group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: |- + Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + 
app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: virtualnetworks.network.azure.com +spec: + group: network.azure.com + names: + kind: VirtualNetwork + listKind: VirtualNetworkList + plural: virtualnetworks + singular: virtualnetwork + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + required: + - virtualNetworkCommunity + type: object + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: |- + EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It + requires a DDoS protection plan associated with the resource. + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Virtual Network resource. + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' 
+ properties: + regionalCommunity: + description: 'RegionalCommunity: The BGP community associated + with the region of the virtual network.' + type: string + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: |- + EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It + requires a DDoS protection plan associated with the resource. + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the virtual + network resource.' 
+ type: string + resourceGuid: + description: 'ResourceGuid: The resourceGuid property of the Virtual + Network resource.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20201101.VirtualNetwork + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetwork_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressSpace: + description: |- + Storage version of v1api20201101.AddressSpace + AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bgpCommunities: + description: |- + Storage version of v1api20201101.VirtualNetworkBgpCommunities + Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + virtualNetworkCommunity: + type: string + type: object + ddosProtectionPlan: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: |- + Storage version of v1api20201101.DhcpOptions + DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for + a subnet overrides VNET DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20201101.ExtendedLocation + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20201101.VirtualNetwork_STATUS + Virtual Network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressSpace: + description: |- + Storage version of v1api20201101.AddressSpace_STATUS + AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + bgpCommunities: + description: |- + Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS + Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + regionalCommunity: + type: string + virtualNetworkCommunity: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + dhcpOptions: + description: |- + Storage version of v1api20201101.DhcpOptions_STATUS + DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for + a subnet overrides VNET DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + etag: + type: string + extendedLocation: + description: |- + Storage version of v1api20201101.ExtendedLocation_STATUS + ExtendedLocation complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + resourceGuid: + type: string + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade + service.beta.openshift.io/inject-cabundle: "true" + creationTimestamp: null + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: virtualnetworkssubnets.network.azure.com +spec: + group: network.azure.com + names: + kind: VirtualNetworksSubnet + listKind: VirtualNetworksSubnetList + plural: virtualnetworkssubnets + singular: virtualnetworkssubnet + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: object + type: array + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a network.azure.com/VirtualNetwork resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' + enum: + - Disabled + - Enabled + type: string + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' 
+ enum: + - Disabled + - Enabled + type: string + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + required: + - owner + type: object + status: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + actions: + description: 'Actions: The actions permitted to the service + upon delegation.' + items: + type: string + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service delegation resource.' 
+ type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: + description: 'Type: Resource type.' + type: string + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurationProfiles: + description: 'IpConfigurationProfiles: Array of IP configuration profiles + which reference this subnet.' + items: + description: IP configuration profile child resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurations: + description: 'IpConfigurations: An array of references to the network + interface IP configurations using subnet.' + items: + description: IP configuration. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' 
+ type: string + privateEndpoints: + description: 'PrivateEndpoints: An array of references to private + endpoints.' + items: + description: Private endpoint resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the subnet + resource.' + type: string + purpose: + description: |- + Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined + properties. + type: string + resourceNavigationLinks: + description: 'ResourceNavigationLinks: An array of references to the + external resources using subnet.' + items: + description: ResourceNavigationLink resource. + properties: + id: + description: 'Id: Resource navigation link identifier.' + type: string + type: object + type: array + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + serviceAssociationLinks: + description: 'ServiceAssociationLinks: An array of references to services + injecting into this subnet.' + items: + description: ServiceAssociationLink resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. 
+ properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service endpoint resource.' + type: string + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20201101.VirtualNetworksSubnet + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: |- + Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + delegations: + items: + description: |- + Storage version of v1api20201101.Delegation + Details the service to which the subnet is delegated. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + serviceName: + type: string + type: object + type: array + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: |- + Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a network.azure.com/VirtualNetwork resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateLinkServiceNetworkPolicies: + type: string + routeTable: + description: |- + Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPropertiesFormat + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + service: + type: string + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: |- + Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + items: + description: |- + Storage version of v1api20201101.Delegation_STATUS + Details the service to which the subnet is delegated. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actions: + items: + type: string + type: array + etag: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + serviceName: + type: string + type: + type: string + type: object + type: array + etag: + type: string + id: + type: string + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurationProfiles: + items: + description: |- + Storage version of v1api20201101.IPConfigurationProfile_STATUS + IP configuration profile child resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurations: + items: + description: |- + Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + name: + type: string + natGateway: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + networkSecurityGroup: + description: |- + Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateEndpoints: + items: + description: |- + Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Private endpoint resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + type: string + provisioningState: + type: string + purpose: + type: string + resourceNavigationLinks: + items: + description: |- + Storage version of v1api20201101.ResourceNavigationLink_STATUS + ResourceNavigationLink resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + routeTable: + description: |- + Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + serviceAssociationLinks: + items: + description: |- + Storage version of v1api20201101.ServiceAssociationLink_STATUS + ServiceAssociationLink resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpointPolicies: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpoints: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS + The service endpoint properties. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + provisioningState: + type: string + service: + type: string + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null +--- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingAdmissionPolicy metadata: diff --git a/openshift/infrastructure-components.yaml b/openshift/infrastructure-components.yaml index 7a882eb9500..b8cd17eb701 100644 --- a/openshift/infrastructure-components.yaml +++ b/openshift/infrastructure-components.yaml 
@@ -9794,261 +9794,70520 @@ spec: served: true storage: true --- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-azure - name: capz-manager - namespace: capz-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-azure - name: capz-leader-election-role - namespace: capz-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 labels: - cluster.x-k8s.io/aggregate-to-capz-manager: "true" - cluster.x-k8s.io/provider: infrastructure-azure - name: capz-base-manager-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - kubeadmconfigs - - kubeadmconfigs/status - verbs: - - get - - list - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - create -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - verbs: - - get - - list - - patch - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - verbs: - - create -- apiGroups: 
- - cluster.x-k8s.io - resources: - - machinepools - - machinepools/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/status - verbs: - - delete - - get - - list - - watch -- apiGroups: - - containerservice.azure.com - resources: - - fleetsmembers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - containerservice.azure.com - resources: - - fleetsmembers/status - verbs: - - get - - list - - watch -- apiGroups: - - containerservice.azure.com - resources: - - managedclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - containerservice.azure.com - resources: - - managedclusters/status - verbs: - - get - - list - - watch -- apiGroups: - - containerservice.azure.com - resources: - - managedclustersagentpools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - containerservice.azure.com - resources: - - managedclustersagentpools/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters/finalizers - verbs: - - update -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters/status - verbs: - - get - - patch - - update -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedcontrolplanes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedcontrolplanes/finalizers - verbs: - - update -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - 
azureasomanagedcontrolplanes/status - verbs: - - get - - patch + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: bastionhosts.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation + method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' 
+ type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' 
+ type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion + host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.BastionHost + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.BastionHostIPConfiguration + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: |- + Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: |- + Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: |- + Storage version of v1api20220701.Sku + The sku of this Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.BastionHost_STATUS + Bastion Host resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.BastionHostIPConfiguration_STATUS + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: |- + Storage version of v1api20220701.Sku_STATUS + The sku of this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: extensions.kubernetesconfiguration.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: kubernetesconfiguration.azure.com + names: + kind: Extension + listKind: ExtensionList + plural: extensions + singular: extension + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json 
+ - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + - UserAssigned + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + configurationProtectedSettings: + description: |- + ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this + extension. + properties: + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - name + type: object + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + extensionType: + description: |- + ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension publisher. + type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + type: string + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an + extension resource, which means that any other Azure resource can be its owner. + properties: + armId: + description: Ownership across namespaces is not supported. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' + type: string + product: + description: |- + Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding. + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' + type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' + type: string + required: + - name + - product + - publisher + type: object + releaseTrain: + description: |- + ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if + autoUpgradeMinorVersion is 'true'. + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: |- + ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. 
If this + namespace does not exist, it will be created + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: |- + TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace + does not exist, it will be created + type: string + type: object + type: object + systemData: + description: |- + SystemData: Top level metadata + https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + enum: + - Application + - Key + - ManagedIdentity + - User + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + enum: + - Application + - Key + - ManagedIdentity + - User + type: string + type: object + version: + description: |- + Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion + must be 'false'. + type: string + required: + - owner + type: object + status: + description: The Extension object. + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' 
+ type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationProtectedSettings: + additionalProperties: + type: string + description: |- + ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this + extension. + type: object + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + currentVersion: + description: 'CurrentVersion: Currently installed version of the extension.' + type: string + customLocationSettings: + additionalProperties: + type: string + description: 'CustomLocationSettings: Custom Location settings properties.' + type: object + errorInfo: + description: 'ErrorInfo: Error information from the Agent - e.g. errors + during installation.' + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' + items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional + info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' 
+ type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + extensionType: + description: |- + ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension publisher. + type: string + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' + type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + isSystemExtension: + description: 'IsSystemExtension: Flag to note if this extension is + a system extension' + type: boolean + name: + description: 'Name: The name of the resource' + type: string + packageUri: + description: 'PackageUri: Uri of the Helm package' + type: string + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' + type: string + product: + description: |- + Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding. + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' 
+ type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' + type: string + type: object + provisioningState: + description: 'ProvisioningState: Status of installation of this extension.' + type: string + releaseTrain: + description: |- + ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if + autoUpgradeMinorVersion is 'true'. + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: |- + ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this + namespace does not exist, it will be created + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: |- + TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace + does not exist, it will be created + type: string + type: object + type: object + statuses: + description: 'Statuses: Status from this extension.' + items: + description: Status from the extension. + properties: + code: + description: 'Code: Status code provided by the Extension' + type: string + displayStatus: + description: 'DisplayStatus: Short description of status of + the extension.' + type: string + level: + description: 'Level: Level of the status.' + type: string + message: + description: 'Message: Detailed message of the status from the + Extension.' + type: string + time: + description: 'Time: DateLiteral (per ISO8601) noting the time + of installation status.' 
+ type: string + type: object + type: array + systemData: + description: |- + SystemData: Top level metadata + https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + version: + description: |- + Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion + must be 'false'. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230501.Extension + Generator information: + - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230501.Extension_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + configurationProtectedSettings: + description: |- + SecretMapReference is a reference to a Kubernetes secret in the same namespace as + the resource it is on. + properties: + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - name + type: object + configurationSettings: + additionalProperties: + type: string + type: object + extensionType: + type: string + identity: + description: |- + Storage version of v1api20230501.Identity + Identity for the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + operatorSpec: + description: |- + Storage version of v1api20230501.ExtensionOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230501.ExtensionOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. This resource is an + extension resource, which means that any other Azure resource can be its owner. + properties: + armId: + description: Ownership across namespaces is not supported. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: |- + Storage version of v1api20230501.Plan + Plan for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + releaseTrain: + type: string + scope: + description: |- + Storage version of v1api20230501.Scope + Scope of the extension. It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + cluster: + description: |- + Storage version of v1api20230501.ScopeCluster + Specifies that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: |- + Storage version of v1api20230501.ScopeNamespace + Specifies that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + systemData: + description: |- + Storage version of v1api20230501.SystemData + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + version: + type: string + required: + - owner + type: object + status: + description: |- + Storage version of v1api20230501.Extension_STATUS + The Extension object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationProtectedSettings: + additionalProperties: + type: string + type: object + configurationSettings: + additionalProperties: + type: string + type: object + currentVersion: + type: string + customLocationSettings: + additionalProperties: + type: string + type: object + errorInfo: + description: |- + Storage version of v1api20230501.ErrorDetail_STATUS + The error detail. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20230501.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + extensionType: + type: string + id: + type: string + identity: + description: |- + Storage version of v1api20230501.Identity_STATUS + Identity for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + isSystemExtension: + type: boolean + name: + type: string + packageUri: + type: string + plan: + description: |- + Storage version of v1api20230501.Plan_STATUS + Plan for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + provisioningState: + type: string + releaseTrain: + type: string + scope: + description: |- + Storage version of v1api20230501.Scope_STATUS + Scope of the extension. It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + cluster: + description: |- + Storage version of v1api20230501.ScopeCluster_STATUS + Specifies that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: |- + Storage version of v1api20230501.ScopeNamespace_STATUS + Specifies that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + statuses: + items: + description: |- + Storage version of v1api20230501.ExtensionStatus_STATUS + Status from the extension. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + displayStatus: + type: string + level: + type: string + message: + type: string + time: + type: string + type: object + type: array + systemData: + description: |- + Storage version of v1api20230501.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: fleetsmembers.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: FleetsMember + listKind: FleetsMemberList + plural: fleetsmembers + singular: fleetsmember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315preview + schema: + openAPIV3Schema: + description: |- + Generator 
information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/Fleet resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: |- + ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: |- + ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. 
+ Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in + the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header + fields. + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + type: string + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230315preview.FleetsMember + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230315preview.Fleets_Member_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/Fleet resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20230315preview.Fleets_Member_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + systemData: + description: |- + Storage version of v1api20230315preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated 
from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. 
+ type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. 
The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. 
If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. 
No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetIDReference: + description: |- + DiskEncryptionSetIDReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set + for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' 
+ items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). 
The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be + in the range of 1 to 100 (inclusive). The default value is 1. 
+ maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Basic + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) for + more details. + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. 
+ type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. 
For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' 
+ type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. 
The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set + for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' 
+ type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' 
+ type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. 
The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' 
+ properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be + in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' 
+ type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' 
+ type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) for + more details. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20210501.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: |- + DiskEncryptionSetIDReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20210501.ExtendedLocation + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: |- + Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: |- + Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: |- + Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20210501.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20210501.ManagedCluster_STATUS + Managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: |- + Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: 
string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: |- + Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: |- + Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. 
Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. 
Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. 
+ properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. 
If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' 
+ type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
+ type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 
+ type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' 
+ type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. 
+ Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this field will contain the full + version being used. + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). 
PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' 
+ type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. 
+ type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' 
+ properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' 
+ type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' 
+ type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230201.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string 
of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20230201.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20230201.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20230201.ManagedCluster_STATUS + Managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: |- + Storage version of v1api20230201.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. 
The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. 
+ maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: |- + Level: The guardrails level to be used. 
By default, Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: |- + DnsZoneResourceReference: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing + is enabled. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). 
The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' 
+ properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. 
+ properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. 
For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' 
+ type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: |- + UpdateMode: Each update mode level is a superset of the lower levels. Off, this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
+ type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' 
+ items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. 
When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. 
The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' 
+ type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. 
+ type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: |- + Level: The guardrails level to be used. By default, Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' 
+ type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: |- + DnsZoneResourceId: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing is + enabled. + type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: |- + DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP + ranges or the Kubernetes service address range. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. 
+ type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' 
+ properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' 
+ type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' 
+ type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
+ properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. 
When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. 
+ type: string + type: array + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. 
+ type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: |- + UpdateMode: Each update mode level is a superset of the lower levels. Off (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. 
If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. 
No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' 
+ type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' 
+ pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. 
See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. 
Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. 
+ The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. 
When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' 
+ properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. 
Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. 
Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 
+ type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. 
Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. 
Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. 
If kubernetesVersion was , this field will contain the full + version being used. + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' 
+ type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' 
+ type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. 
+ type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' 
+ properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' 
+ type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' 
+ properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. 
+ type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' 
+ type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' 
+ properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231001.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231001.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20231001.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231001.ServiceMeshProfile + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20231001.ManagedClusterSKU + The SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20231001.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: 
object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + 
description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. 
See aka.ms/AzureManagedPrometheus-optional-parameters for + details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + securityProfile: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231001.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20231001.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. 
+ type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ enum: + - Linux + - Windows + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale + the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + maximum: 1000 + minimum: 0 + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. 
updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. 
+ type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. 
Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + logs: + description: |- + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. 
See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log + Collection is enabled or not for Azure Monitor Container + Insights Logs Addon.' 
+ type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. 
+ properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. 
Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. 
+ pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' 
+ type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. 
See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring + plugin on the cluster' + type: boolean + type: object + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' 
+ properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. 
By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. 
+ properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. 
For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. 
+ type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' 
+ items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. 
GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. 
It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' 
+ type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale + the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' 
+ type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' 
+ type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + logs: + description: |- + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' 
+ type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log + Collection is enabled or not for Azure Monitor Container + Insights Logs Addon.' + type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. 
+ type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. 
+ properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. 
All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. 
+ type: boolean + type: object + type: object + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' 
+ type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. 
+ type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring + plugin on the cluster' + type: boolean + type: object + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. 
+ items: + type: string + type: array + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. 
See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' 
+ type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' 
+ properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. + type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' 
+ properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. 
Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' 
+ type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' 
+ type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". 
+ Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' 
+ type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231102preview.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231102preview.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231102preview.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile + The security settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. 
It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: 
+ type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + metrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231102preview.ExtendedLocation + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20231102preview.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231102preview.DelegatedResource + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + networkProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for 
properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + natGatewayProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20231102preview.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. 
+ The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20231102preview.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231102preview.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231102preview.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231102preview.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231102preview.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231102preview.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231102preview.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioEgressGateway + Istio egress gateway configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20231102preview.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20231102preview.ClusterUpgradeSettings + Settings for upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231102preview.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231102preview.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20231102preview.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + metrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20231102preview.ExtendedLocation_STATUS + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveNoProxy: + items: + type: string + type: array + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20231102preview.DelegatedResource_STATUS + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an 
unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring_STATUS + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + natGatewayProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20231102preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20231102preview.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile_STATUS + The Safeguards profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231102preview.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231102preview.IstioServiceMesh_STATUS + Istio service mesh configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231102preview.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231102preview.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20231102preview.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20231102preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ maximum: 31 + minimum: 28 + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' 
+ type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of + nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of + nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. 
+ items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. 
Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. 
For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' 
+ type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. 
Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry logs and traces. If not specified, the default + port is 28331.' + type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry metrics. If not specified, the default port + is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, + the default port is 28330.' 
+ type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are + downloaded from.' + enum: + - Cache + - Direct + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
+ type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kind: + description: 'Kind: This is primarily used to expose different UI + experiences in the portal for different kinds' + type: string + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. 
+ type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable + advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced + Networking observability functionalities on clusters.' + type: boolean + type: object + type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. 
+ pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' 
+ type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The + health probing behavior for External Traffic Policy Cluster + services.' + enum: + - ServiceNodePort + - Shared + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none + type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + enum: + - IMDS + - None + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway + addon is enabled or not.' + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' 
+ properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. 
If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' 
+ items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' 
+ items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. 
For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' 
+ type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Automatic + - Base + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. 
See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' 
+ properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." 
+ Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' 
+ type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using + artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. 
+ type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. 
+ type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. 
In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent + pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 
+ type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same + vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to + host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of + nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of + nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. 
due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings + that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled + or not.' + type: boolean + type: object + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', + ''most-pods'', ''priority'', ''random''.' + type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' 
+ type: string + scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. + type: string + scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + type: string + scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' 
+ type: string + upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + appMonitoring: + description: |- + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry logs and traces. If not specified, the default + port is 28331.' 
+ type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring + Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open + Telemetry metrics. If not specified, the default port + is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container + Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + syslogPort: + description: 'SyslogPort: The syslog host port. 
If not specified, + the default port is 28330.' + type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are + downloaded from.' + type: string + containerRegistryId: + description: |- + ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium + SKU and zone redundancy. + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' 
+ type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' 
+ properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' 
+ type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' 
+ type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kind: + description: 'Kind: This is primarily used to expose different UI + experiences in the portal for different kinds' + type: string + kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for + the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. 
+ type: boolean + type: object + type: object + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable + advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced + Networking observability functionalities on clusters.' + type: boolean + type: object + type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + description: To determine if address belongs IPv4 or IPv6 family. + type: string + type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). 
+ type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The + health probing behavior for External Traffic Policy Cluster + services.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + type: integer + countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' 
+ type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ type: string + outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. + items: + type: string + type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + type: string + serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + type: string + serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway + addon is enabled or not.' + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings + that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be + changed back to Manual.' 
+ type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' 
+ type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' 
+ type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all + the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
+ type: string + keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string + type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. + The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' 
+ type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' 
+ type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' 
+ type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. 
This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + type: object + licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. 
+ type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled + and configured to scale AKS-managed add-ons.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. + Default value is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240402preview.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240402preview.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20240402preview.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. 
It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: 
+ type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. 
The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: |- + Storage version of v1api20240402preview.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20240402preview.DelegatedResource + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object + kind: + type: string + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20240402preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + networkProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability + Observability profile to enable advanced network metrics and flow logs with historical contexts. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + podLinkLocalAccess: + type: string + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile + The Static Egress Gateway addon configuration for the cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20240402preview.ManagedClusterOperatorSpec + Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfile + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20240402preview.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20240402preview.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU + The SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20240402preview.ManagedCluster_STATUS + Managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + aadProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: |- + Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + eTag: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + apiServerAccessProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: + type: string + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: |- + Storage version of 
v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS + Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of 
stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryId: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + eTag: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation_STATUS + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: |- + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveNoProxy: + items: + type: string + type: array + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: |- + Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: |- + Storage version of v1api20240402preview.DelegatedResource_STATUS + Delegated resource properties - internal use only. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + ingressProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + kind: + type: string + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object + loadBalancerProfile: + 
description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for 
full fidelity round trip conversions + type: object + publicIPPrefixes: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + podLinkLocalAccess: + type: string + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS + The Static Egress Gateway addon configuration for the cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object + nodeResourceGroup: + type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object + oidcIssuerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile_STATUS + The Safeguards profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object + securityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: |- + Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + customCATrustCertificates: + items: + type: string + type: array + defender: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + imageIntegrity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + workloadIdentity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh_STATUS + Istio service mesh configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20240402preview.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: |- + Storage version of v1api20240402preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
+ type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' 
+ enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
+ type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is Running + or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' 
+ type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20210501.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: |- + NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: |- + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: |- + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. 
+ enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
+ enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230201.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20230201.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: |- + Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. 
+ type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. 
If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. 
It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. 
The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. 
If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20230202preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20230202preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + 
type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. 
+ type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' 
+ properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. 
For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. 
+ properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. 
The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' 
+ type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' 
+ properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' 
+ type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231001.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + 
maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' 
+ properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. 
+ type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' 
+ type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' 
+ enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. 
This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. 
When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' 
+ properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines + agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + maximum: 1000 + minimum: 0 + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. 
For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. 
A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. 
GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. 
It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. 
The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' 
+ type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' 
+ type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines + agent pool to a fixed size.' + items: + description: Specifications on number of machines. 
+ properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231102previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231102preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231102preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: |- + Storage version of v1api20231102preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231102preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + 
type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20231102preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20231102preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20231102preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231102preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231102preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20231102preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. 
Defaults to false. + type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ maximum: 31 + minimum: 28 + type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' 
+ type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' 
+ maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' 
+ type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. 
+ enum: + - DynamicIndividual + - StaticBlock + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes + of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes + of the specified sizes.' 
+ type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact + streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. 
If not specified, the default is false. + type: boolean + type: object + availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + type: integer + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. 
+ type: boolean + enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption + type: boolean + enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. + type: boolean + enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
+ type: integer + type: object + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + type: string + cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. + type: string + type: object + kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
+ type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
+ type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). + type: string + transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
+ type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' 
+ type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' 
+ items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
+ type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object + spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer + maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this + group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines + agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines + agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes + of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes + of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. 
['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. 
Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240402preview.ManagedClustersAgentPool + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240402preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer 
+ messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIPAllocationMode: + type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20240402preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + eTag: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object + gpuInstanceProfile: + type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeInitializationTaints: + items: + type: string + type: array + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podIPAllocationMode: + type: string + podSubnetID: + type: string + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' 
+ items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' + type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.NatGateway + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: |- + Storage version of v1api20220701.NatGatewaySku + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.NatGateway_STATUS + Nat Gateway resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: |- + Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: |- + Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: privateendpoints.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: PrivateEndpoint + listKind: PrivateEndpointList + plural: privateendpoints + singular: privateendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + type: object + ipConfigurations: + description: |- + IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party + Service's endpoints. + items: + description: An IP Configuration of the private endpoint. + properties: + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: |- + ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when + the network admin does not have access to approve connections to the remote resource. + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. 
+ properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: object + type: array + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' 
+ properties: + primaryNicPrivateIpAddress: + description: |- + PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no + config map will be created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. 
+ properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: object + type: array + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Private endpoint resource. + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + description: 'CustomDnsConfigs: An array of custom dns configurations.' + items: + description: Contains custom Dns resolution configuration from customer. + properties: + fqdn: + description: 'Fqdn: Fqdn that resolves to private endpoint ip + address.' + type: string + ipAddresses: + description: 'IpAddresses: A list of private ip addresses of + the private endpoint.' + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' 
+ type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: |- + IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party + Service's endpoints. + items: + description: An IP Configuration of the private endpoint. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: |- + ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when + the network admin does not have access to approve connections to the remote resource. + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' 
+ type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + name: + description: 'Name: Resource name.' + type: string + networkInterfaces: + description: 'NetworkInterfaces: An array of references to the network + interfaces created for this private endpoint.' + items: + description: A network interface in a resource group. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: |- + PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote + resource. + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: |- + RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 + chars. + type: string + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the private + endpoint resource.' + type: string + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20220701.PrivateEndpoint + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.PrivateEndpoint_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: |- + Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + customNetworkInterfaceName: + type: string + extendedLocation: + description: |- + Storage version of v1api20220701.ExtendedLocation + ExtendedLocation complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.PrivateEndpointIPConfiguration + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requestMessage: + type: string + type: object + type: array + operatorSpec: + description: |- + Storage version of v1api20220701.PrivateEndpointOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20220701.PrivateEndpointOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + primaryNicPrivateIpAddress: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap being referenced. + The ConfigMap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + subnet: + description: |- + Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Private endpoint resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: |- + Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. 
+ Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + items: + description: |- + Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS + Contains custom Dns resolution configuration from customer. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fqdn: + type: string + ipAddresses: + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + type: string + etag: + type: string + extendedLocation: + description: |- + Storage version of v1api20220701.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipConfigurations: + items: + description: |- + Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + name: + type: string + networkInterfaces: + items: + description: |- + Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded + A network interface in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceConnections: + items: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: |- + Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + provisioningState: + type: string + subnet: + description: |- + Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: 
resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 90 + minLength: 1 + type: string + location: + description: |- + Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be + one of the supported Azure locations. 
+ type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: |- + Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be + one of the supported Azure locations. + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20200601.ResourceGroup + Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: |- + Storage version of v1api20200601.ResourceGroup_STATUS + Resource group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: |- + Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: virtualnetworks.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetwork + listKind: VirtualNetworkList + plural: virtualnetworks + singular: virtualnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + required: + - virtualNetworkCommunity + type: object + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: |- + EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It + requires a DDoS protection plan associated with the resource. + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + required: + - name + - type + type: object + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' 
+ type: object + required: + - owner + type: object + status: + description: Virtual Network resource. + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + regionalCommunity: + description: 'RegionalCommunity: The BGP community associated + with the region of the virtual network.' + type: string + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: |- + EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It + requires a DDoS protection plan associated with the resource. + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the virtual + network resource.' + type: string + resourceGuid: + description: 'ResourceGuid: The resourceGuid property of the Virtual + Network resource.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20201101.VirtualNetwork + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetwork_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressSpace: + description: |- + Storage version of v1api20201101.AddressSpace + AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bgpCommunities: + description: |- + Storage version of v1api20201101.VirtualNetworkBgpCommunities + Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + virtualNetworkCommunity: + type: string + type: object + ddosProtectionPlan: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: |- + Storage version of v1api20201101.DhcpOptions + DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for + a subnet overrides VNET DHCP options. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20201101.ExtendedLocation + ExtendedLocation complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: |- + Storage version of v1api20201101.VirtualNetwork_STATUS + Virtual Network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressSpace: + description: |- + Storage version of v1api20201101.AddressSpace_STATUS + AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + bgpCommunities: + description: |- + Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS + Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + regionalCommunity: + type: string + virtualNetworkCommunity: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + dhcpOptions: + description: |- + Storage version of v1api20201101.DhcpOptions_STATUS + DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for + a subnet overrides VNET DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + etag: + type: string + extendedLocation: + description: |- + Storage version of v1api20201101.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + resourceGuid: + type: string + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: infrastructure + name: virtualnetworkssubnets.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetworksSubnet + listKind: VirtualNetworksSubnetList + plural: virtualnetworkssubnets + singular: virtualnetworkssubnet + preserveUnknownFields: 
false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' 
+ items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: object + type: array + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a network.azure.com/VirtualNetwork resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' 
+ enum: + - Disabled + - Enabled + type: string + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + enum: + - Disabled + - Enabled + type: string + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + required: + - owner + type: object + status: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. 
This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + actions: + description: 'Actions: The actions permitted to the service + upon delegation.' + items: + type: string + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' 
+ type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service delegation resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: + description: 'Type: Resource type.' + type: string + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurationProfiles: + description: 'IpConfigurationProfiles: Array of IP configuration profiles + which reference this subnet.' + items: + description: IP configuration profile child resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurations: + description: 'IpConfigurations: An array of references to the network + interface IP configurations using subnet.' + items: + description: IP configuration. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' + type: string + privateEndpoints: + description: 'PrivateEndpoints: An array of references to private + endpoints.' + items: + description: Private endpoint resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the subnet + resource.' + type: string + purpose: + description: |- + Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined + properties. + type: string + resourceNavigationLinks: + description: 'ResourceNavigationLinks: An array of references to the + external resources using subnet.' + items: + description: ResourceNavigationLink resource. + properties: + id: + description: 'Id: Resource navigation link identifier.' + type: string + type: object + type: array + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + serviceAssociationLinks: + description: 'ServiceAssociationLinks: An array of references to services + injecting into this subnet.' + items: + description: ServiceAssociationLink resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service endpoint resource.' + type: string + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20201101.VirtualNetworksSubnet + Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: |- + Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + delegations: + items: + description: |- + Storage version of v1api20201101.Delegation + Details the service to which the subnet is delegated. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + serviceName: + type: string + type: object + type: array + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: |- + Storage version of v1api20201101.SubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: |- + Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a network.azure.com/VirtualNetwork resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateLinkServiceNetworkPolicies: + type: string + routeTable: + description: |- + Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPropertiesFormat + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + service: + type: string + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: |- + Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + items: + description: |- + Storage version of v1api20201101.Delegation_STATUS + Details the service to which the subnet is delegated. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actions: + items: + type: string + type: array + etag: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + serviceName: + type: string + type: + type: string + type: object + type: array + etag: + type: string + id: + type: string + ipAllocations: + items: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurationProfiles: + items: + description: |- + Storage version of v1api20201101.IPConfigurationProfile_STATUS + IP configuration profile child resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurations: + items: + description: |- + Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + name: + type: string + natGateway: + description: |- + Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + networkSecurityGroup: + description: |- + Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateEndpoints: + items: + description: |- + Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Private endpoint resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + type: string + provisioningState: + type: string + purpose: + type: string + resourceNavigationLinks: + items: + description: |- + Storage version of v1api20201101.ResourceNavigationLink_STATUS + ResourceNavigationLink resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + routeTable: + description: |- + Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + serviceAssociationLinks: + items: + description: |- + Storage version of v1api20201101.ServiceAssociationLink_STATUS + ServiceAssociationLink resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpointPolicies: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpoints: + items: + description: |- + Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + provisioningState: + type: string + service: + type: string + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-manager-role +rules: +- apiGroups: 
+ - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - alertsmanagement.azure.com + resources: + - prometheusrulegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - alertsmanagement.azure.com + resources: + - prometheusrulegroups/finalizers + - prometheusrulegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationproviders/finalizers + - authorizationproviders/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - 
authorizationprovidersauthorizations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizations/finalizers + - authorizationprovidersauthorizations/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizationsaccesspolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - authorizationprovidersauthorizationsaccesspolicies/finalizers + - authorizationprovidersauthorizationsaccesspolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - productapis + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - productapis/finalizers + - productapis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - productpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - productpolicies/finalizers + - productpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - 
authorization.azure.com + resources: + - roledefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roledefinitions/finalizers + - roledefinitions/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + 
verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdcustomdomains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdcustomdomains/finalizers + - afdcustomdomains/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdendpoints/finalizers + - afdendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdorigingroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdorigingroups/finalizers + - afdorigingroups/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - afdorigins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - afdorigins/finalizers + - afdorigins/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - profilesendpoints/status + verbs: + - get + - patch 
+ - update +- apiGroups: + - cdn.azure.com + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - routes/finalizers + - routes/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - rules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - rules/finalizers + - rules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - rulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - rulesets/finalizers + - rulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - secrets/finalizers + - secrets/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - securitypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - securitypolicies/finalizers + - securitypolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesetsextensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesetsextensions/finalizers + - virtualmachinescalesetsextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinesextensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinesextensions/finalizers + - virtualmachinesextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups/finalizers + - 
containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - 
trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackupinstances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackupinstances/finalizers + - backupvaultsbackupinstances/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - 
backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + 
- mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- 
apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create 
+ - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - monitor.azure.com + resources: + - accounts + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - monitor.azure.com + resources: + - accounts/finalizers + - accounts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get 
+ - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com 
+ resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - network.frontdoor.azure.com + resources: + - webapplicationfirewallpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.frontdoor.azure.com + resources: + - webapplicationfirewallpolicies/finalizers + - webapplicationfirewallpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - 
namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: 
+ - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - 
serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - 
serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - 
storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: 
+ - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-capz-manager: "true" + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-base-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + 
verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedcontrolplanes/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedcontrolplanes/status + verbs: + - get + - patch - update - apiGroups: - 
infrastructure.cluster.x-k8s.io @@ -10345,6 +80604,20 @@ rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: cluster.x-k8s.io/provider: infrastructure-azure @@ -10361,6 +80634,45 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: labels: cluster.x-k8s.io/provider: infrastructure-azure 
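Review bot: The `azureserviceoperator-crd-manager-rolebinding` added in the second hunk on this line looks like privilege the operator never uses, because the Deployment added further down starts the manager with `--crd-management=none`. The rules of `azureserviceoperator-crd-manager-role` are not visible in this hunk, so this is inferred from the name; if the role only carries write verbs on CustomResourceDefinitions, binding it to `azureserviceoperator-default` cluster-wide widens what a compromised operator pod can do for no benefit. Since this file is rendered, the fix belongs in the overlay under `openshift/patches/`: a strategic-merge patch on that ClusterRoleBinding with `$patch: delete`, leaving `azureserviceoperator-crd-reader-rolebinding` in place. The same least-privilege check applies to `azureserviceoperator-manager-rolebinding`, which should cover only the Azure API groups whose CRDs this distribution actually installs.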
@@ -10375,6 +80687,22 @@ subjects: namespace: capz-system --- apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" + AZURE_USER_AGENT_SUFFIX: cluster-api-provider-azure/main +type: Opaque +--- +apiVersion: v1 data: subscription-id: ${AZURE_SUBSCRIPTION_ID_B64:=""} kind: Secret @@ -10387,6 +80715,37 @@ type: Opaque --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + name: azureserviceoperator-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service metadata: labels: cluster.x-k8s.io/provider: infrastructure-azure 
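Review bot: In the Service hunk on this line, `azureserviceoperator-controller-manager-metrics-service` exposes `port: 8443` with no `targetPort`, so it forwards to pod port 8443, while the manager container added in the Deployment hunk is started with `--metrics-addr=:8080`. Unless the binary binds 8443 by some means not shown here, scrapes through this Service will fail and the operator runs unmonitored. Either add `targetPort: 8080` to the Service port and change the container's `metrics-port` to `containerPort: 8080`, or change the argument to `--metrics-addr=:8443` so all three agree. Both new Services also select on the single generic label `control-plane: controller-manager`; adding `app.kubernetes.io/name: azure-service-operator` to the selectors would keep webhook and metrics traffic from reaching any other pod in `capz-system` that carries that label.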
@@ -10401,6 +80760,183 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.8.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-management=none + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + 
valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: AZURE_USER_AGENT_SUFFIX + valueFrom: + secretKeyRef: + key: AZURE_USER_AGENT_SUFFIX + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.8.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8443 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + 
- serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: cluster.x-k8s.io/provider: infrastructure-azure @@ -10427,7 +80963,7 @@ spec: - --leader-elect - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=false + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=${EXP_ASO_API:=true} - --v=0 env: - name: AZURE_SUBSCRIPTION_ID @@ -10513,6 +81049,23 @@ spec: --- apiVersion: cert-manager.io/v1 kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert + subject: + organizations: + - azure +--- +apiVersion: cert-manager.io/v1 +kind: Certificate metadata: labels: cluster.x-k8s.io/provider: infrastructure-azure 
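Review bot: The `securityContext` of the `manager` container in the Deployment hunk that ends on this line sets only `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. For a pod that mounts a projected `api://AzureADTokenExchange` token and reads Azure credentials from `aso-controller-settings`, it should also state non-root execution, dropped capabilities and a seccomp profile rather than rely on cluster defaults; confirm first that the image runs as a non-root UID. The image is referenced by tag, `mcr.microsoft.com/k8s/azureserviceoperator:v2.8.0`, with `imagePullPolicy: Always`, so every pod start re-resolves a mutable tag; pinning to `...azureserviceoperator:v2.8.0@sha256:<digest>` makes the deployed artifact reproducible. As the manifest is rendered, both changes belong in the kustomize source, not in this file.

```yaml
        securityContext:
          # … unchanged: allowPrivilegeEscalation, readOnlyRootFilesystem …
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```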
@@ -10527,218 +81080,13094 @@ spec: name: capz-selfsigned-issuer secretName: capz-webhook-service-cert --- -apiVersion: cert-manager.io/v1 -kind: Issuer +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-alertsmanagement-azure-com-v1api20230301-prometheusrulegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230301.prometheusrulegroups.alertsmanagement.azure.com + rules: + - apiGroups: + - alertsmanagement.azure.com + apiVersions: + - v1api20230301 + operations: + - CREATE + - UPDATE + resources: + - prometheusrulegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-productapi + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorization + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20230501preview.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-productapi + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20230501preview-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501preview.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roledefinition + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roledefinitions.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roledefinitions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + 
operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-afdcustomdomain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdcustomdomains.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdcustomdomains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-afdendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-afdorigingroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.afdorigingroups.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigingroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-afdorigin + failurePolicy: 
Fail + matchPolicy: Exact + name: default.v1api20230501.afdorigins.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigins + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-route + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.routes.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - routes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-rule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.rules.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-ruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.rulesets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rulesets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-secret + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.secrets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20230501-securitypolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.securitypolicies.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - securitypolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail 
+ matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact 
+ name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - 
compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - 
containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231102preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231102preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231102preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231102preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: 
+ - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20240402preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20240402preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20240402preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20240402preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - 
datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20231101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20231101-backupvaultsbackupinstance + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaultsbackupinstances.dataprotection.azure.com + rules: + - apiGroups: + - 
dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackupinstances + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20231101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - 
v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + 
- v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: 
+ - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20230630-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230630.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - 
v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230601preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: 
+ - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + 
resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: 
Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-databaseaccount + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20231115-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + 
resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20231115-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231115.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system 
+ path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-webtest + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - 
machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + 
name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-monitor-azure-com-v1api20230403-account + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230403.accounts.monitor.azure.com + rules: + - apiGroups: + - monitor.azure.com + apiVersions: + - v1api20230403 + operations: + - CREATE + - UPDATE + resources: + - accounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-network-frontdoor-azure-com-v1api20220501-webapplicationfirewallpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.webapplicationfirewallpolicies.network.frontdoor.azure.com + rules: + - apiGroups: + - network.frontdoor.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - webapplicationfirewallpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - 
apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: 
+ - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + 
resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + 
rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - 
apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE 
+ resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + 
- v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: 
+ - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert labels: cluster.x-k8s.io/provider: infrastructure-azure - name: capz-selfsigned-issuer - namespace: capz-system -spec: - selfSigned: {} + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - 
UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + 
- CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration +kind: ValidatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from: capz-system/capz-serving-cert - labels: - cluster.x-k8s.io/provider: infrastructure-azure - name: capz-mutating-webhook-configuration + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-alertsmanagement-azure-com-v1api20230301-prometheusrulegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230301.prometheusrulegroups.alertsmanagement.azure.com + rules: + - apiGroups: + - alertsmanagement.azure.com + apiVersions: + - v1api20230301 + operations: + - 
CREATE + - UPDATE + resources: + - prometheusrulegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - 
CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + 
apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-productapi + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + 
resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovider + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationproviders.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationproviders + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorization + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationprovidersauthorizations.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-authorizationprovidersauthorizationsaccesspolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.authorizationprovidersauthorizationsaccesspolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - authorizationprovidersauthorizationsaccesspolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-backend + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230501preview.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-productapi + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230501preview.productapis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-productpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.productpolicies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - productpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501preview.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20230501preview-subscription + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230501preview.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20230501preview + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roledefinition + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20220401.roledefinitions.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roledefinitions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + 
apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-afdcustomdomain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdcustomdomains.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdcustomdomains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-afdendpoint + failurePolicy: Fail + matchPolicy: 
Exact + name: validate.v1api20230501.afdendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-afdorigingroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdorigingroups.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigingroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-afdorigin + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.afdorigins.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - afdorigins + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-route + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.routes.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - routes + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-rule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.rules.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-ruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.rulesets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - rulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-secret + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.secrets.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20230501-securitypolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.securitypolicies.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - securitypolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesetsextensions.compute.azure.com + 
rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE 
+ resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescalesetsextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesetsextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesetsextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinesextension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinesextensions.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinesextensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - 
UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + 
- CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: 
+ - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: 
Exact + name: validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-containerservice-azure-com-v1api20231102preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231102preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231102preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231102preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231102preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20240402preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20240402preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20240402preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20240402preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20240402preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - 
backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20231101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20231101-backupvaultsbackupinstance + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaultsbackupinstances.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackupinstances + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20231101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20231101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: 
+ - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None 
+- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + 
resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20230630-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230630.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + 
apiVersions: + - v1api20230630 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - 
v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20230601preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230601preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20230601preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + 
resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: 
+ - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + 
name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasecollectionthroughputsetting + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-documentdb-azure-com-v1api20231115-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - 
sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20231115-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231115.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20231115 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-insights-azure-com-v1api20220615-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-monitor-azure-com-v1api20230403-account + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230403.accounts.monitor.azure.com + rules: + - apiGroups: + - monitor.azure.com + apiVersions: + - v1api20230403 + operations: + - CREATE + - UPDATE + resources: + - accounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-frontdoor-azure-com-v1api20220501-webapplicationfirewallpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.webapplicationfirewallpolicies.network.frontdoor.azure.com + rules: + - apiGroups: + - network.frontdoor.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - webapplicationfirewallpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service 
+ namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + 
- namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - 
signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - 
CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: 
+ - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact 
+ name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice failurePolicy: Fail - matchPolicy: Equivalent - name: default.azurecluster.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azureclusters + - storageaccountsfileservices sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare failurePolicy: Fail - matchPolicy: Equivalent - name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azureclustertemplates + - storageaccountsfileservicesshares sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - 
name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachine.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azuremachines + - storageaccountsmanagementpolicies sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azuremachinetemplates + - storageaccountsqueueservices sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue failurePolicy: Fail - name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com rules: 
- apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azuremanagedcontrolplanes + - storageaccountsqueueservicesqueues sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice failurePolicy: Fail - name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azuremanagedcontrolplanetemplates + - storageaccountstableservices sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20220901 operations: - CREATE - UPDATE resources: - - azuremanagedmachinepools + - storageaccountstableservicestables sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: 
/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + path: /validate-storage-azure-com-v1api20230101-storageaccount failurePolicy: Fail - name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20230101.storageaccounts.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20230101 operations: - CREATE - UPDATE resources: - - azuremanagedmachinepooltemplates + - storageaccounts sideEffects: None - admissionReviewVersions: - v1 - - v1beta1 clientConfig: service: - name: capz-webhook-service + name: azureserviceoperator-webhook-service namespace: capz-system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservice failurePolicy: Fail - name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservices.storage.azure.com rules: - apiGroups: - - infrastructure.cluster.x-k8s.io + - storage.azure.com apiVersions: - - v1beta1 + - v1api20230101 operations: - CREATE - UPDATE resources: - - azuremachinepools + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 diff --git a/openshift/kustomization.yaml b/openshift/kustomization.yaml index 8c171088775..918ca008ff8 100644 --- a/openshift/kustomization.yaml 
+++ b/openshift/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ../config/default patchesStrategicMerge: -- ./patches/turn-off-aso-api.yaml +- ./patches/aso-disable-crds.yaml diff --git a/openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-azure.yaml b/openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-azure.yaml index 84b7de24189..9b44f862adb 100644 --- a/openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-azure.yaml +++ b/openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-azure.yaml 
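Review bot: The swap of `./patches/turn-off-aso-api.yaml` for `./patches/aso-disable-crds.yaml` under `patchesStrategicMerge` is undocumented, and the new name suggests it covers only CRDs. The regenerated components manifest earlier in this patch registers ASO validating webhooks (`storage.azure.com`, `subscription.azure.com`, `synapse.azure.com`, `web.azure.com`) with `failurePolicy: Fail` against `azureserviceoperator-webhook-service` in `capz-system`. The patch body is not visible in this part of the diff, so this needs confirming: if those webhook configurations stay in the OpenShift payload, the ASO webhook backend must be deployed and reachable, because with `Fail` an unreachable backend rejects every CREATE/UPDATE of the matched kinds. I would add a comment above the entry, e.g. `# aso-disable-crds.yaml: <which ASO CRDs/webhooks are stripped, and why ASOAPI is no longer forced off>`, so the intended admission surface is stated where the overlay is assembled.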
@@ -1,11134 +1,7 @@ apiVersion: v1 +binaryData: + components-zstd: 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 data: - components: |- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremachines.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachine - listKind: AzureMachineList - plural: azuremachines - singular: azuremachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Azure VM provisioning state - jsonPath: .status.vmState - name: State - type: string - - description: Machine object to which this AzureMachine belongs - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - priority: 1 - type: string - - description: Azure VM ID - jsonPath: .spec.providerID - name: VM ID - priority: 1 - type: string - - 
description: Azure VM Size - jsonPath: .spec.vmSize - name: VM Size - priority: 1 - type: string - - description: Time duration since creation of this AzureMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachine is the Schema for the azuremachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachineSpec defines the desired state of AzureMachine. - properties: - acceleratedNetworking: - description: 'Deprecated: AcceleratedNetworking should be set in the - networkInterfaces field.' - type: boolean - additionalCapabilities: - description: AdditionalCapabilities specifies additional capabilities - enabled or disabled on the virtual machine. - properties: - ultraSSDEnabled: - description: |- - UltraSSDEnabled enables or disables Azure UltraSSD capability for the virtual machine. - Defaults to true if Ultra SSD data disks are specified, - otherwise it doesn't set the capability on the VM. - type: boolean - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - Azure provider. 
If both the AzureCluster and the AzureMachine specify the same tag name with different values, the - AzureMachine's value takes precedence. - type: object - allocatePublicIP: - description: AllocatePublicIP allows the ability to create dynamic - public ips for machines where this value is true. - type: boolean - capacityReservationGroupID: - description: |- - CapacityReservationGroupID specifies the capacity reservation group resource id that should be - used for allocating the virtual machine. - The field size should be greater than 0 and the field input must start with '/'. - The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. - The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively. - It is optional but may not be changed once set. - type: string - dataDisks: - description: DataDisk specifies the parameters that are used to add - one or more data disks to the machine - items: - description: DataDisk specifies the parameters that are used to - add one or more data disks to the machine. - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diskSizeGB: - description: DiskSizeGB is the size in GB to assign to the data - disk. - format: int32 - type: integer - lun: - description: |- - Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. - The value must be between 0 and 63. - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the data disk. 
- properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security profile - for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - nameSuffix: - description: |- - NameSuffix is the suffix to be appended to the machine name to generate the disk name. - Each disk name will be in format _. - type: string - required: - - diskSizeGB - - nameSuffix - type: object - type: array - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified then Boot diagnostics (Managed) will be enabled. 
- properties: - boot: - description: |- - Boot configures the boot diagnostics settings for the virtual machine. - This allows to configure capturing serial output from the virtual machine on boot. - This is useful for debugging software based launch issues. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - storageAccountType: - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - userManaged: - description: UserManaged provides a reference to the user-managed - storage account. - properties: - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - maxLength: 1024 - pattern: ^https:// - type: string - required: - - storageAccountURI - type: object - required: - - storageAccountType - type: object - type: object - disableExtensionOperations: - description: |- - DisableExtensionOperations specifies whether extension operations should be disabled on the virtual machine. - Use this setting only if VMExtensions are not supported by your image, as it disables CAPZ bootstrapping extension used for detecting Kubernetes bootstrap failure. - This may only be set to True when no extensions are configured on the virtual machine. - type: boolean - dnsServers: - description: DNSServers adds a list of DNS Server IP addresses to - the VM NICs. 
- items: - type: string - type: array - enableIPForwarding: - description: |- - EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine - to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller - manager). Default is false for disabled. - type: boolean - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, - as defined in Cluster API. This relates to an Azure Availability Zone - type: string - identity: - default: None - description: |- - Identity is the type of identity used for the virtual machine. - The type 'SystemAssigned' is an implicitly created identity. - The generated identity will be assigned a Subscription contributor role. - The type 'UserAssigned' is a standalone Azure resource provided by the user - and assigned to the VM - enum: - - None - - SystemAssigned - - UserAssigned - type: string - image: - description: |- - Image is used to provide details of an image to use during VM creation. - If image details are omitted the image will default the Azure Marketplace "capi" offer, - which is based on Ubuntu. - properties: - computeGallery: - description: ComputeGallery specifies an image to use from the - Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. 
- For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource group containing - the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from the Azure - Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization that - created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. 
- For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. - properties: - gallery: - description: Gallery specifies the name of the shared image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. 
- type: string - resourceGroup: - description: ResourceGroup specifies the resource group containing - the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - networkInterfaces: - description: |- - NetworkInterfaces specifies a list of network interface configurations. - If left unspecified, the VM will get a single network interface with a - single IPConfig in the subnet specified in the cluster's node subnet field. - The primary interface will be the first networkInterface specified (index 0) in the list. - items: - description: NetworkInterface defines a network interface. - properties: - acceleratedNetworking: - description: |- - AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on - whether the requested VMSize supports accelerated networking. - If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error. 
- type: boolean - privateIPConfigs: - description: |- - PrivateIPConfigs specifies the number of private IP addresses to attach to the interface. - Defaults to 1 if not specified. - type: integer - subnetName: - description: SubnetName specifies the subnet in which the new - network interface will be placed. - type: string - type: object - type: array - osDisk: - description: OSDisk specifies the parameters for the operating system - disk of the machine - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diffDiskSettings: - description: DiffDiskSettings describe ephemeral disk settings - for the os disk. - properties: - option: - description: |- - Option enables ephemeral OS when set to "Local" - See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details - enum: - - Local - type: string - placement: - description: Placement specifies the ephemeral disk placement - for operating system disk. If placement is specified, Option - must be set to "Local". - enum: - - CacheDisk - - NvmeDisk - - ResourceDisk - type: string - required: - - option - type: object - diskSizeGB: - description: |- - DiskSizeGB is the size in GB to assign to the OS disk. - Will have a default of 30GB if not provided - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the OS disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security profile - for the managed disk. 
- properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - osType: - type: string - required: - - osType - type: object - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - roleAssignmentName: - description: 'Deprecated: RoleAssignmentName should be set in the - systemAssignedIdentityRole field.' - type: string - securityProfile: - description: SecurityProfile specifies the Security profile settings - for a virtual machine. - properties: - encryptionAtHost: - description: |- - This field indicates whether Host Encryption should be enabled - or disabled for a virtual machine or virtual machine scale set. - This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. - Default is disabled. - type: boolean - securityType: - description: |- - SecurityType specifies the SecurityType of the virtual machine. 
It has to be set to any specified value to - enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. - enum: - - ConfidentialVM - - TrustedLaunch - type: string - uefiSettings: - description: UefiSettings specifies the security settings like - secure boot and vTPM used while creating the virtual machine. - properties: - secureBootEnabled: - description: |- - SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine. - Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - vTpmEnabled: - description: |- - VTpmEnabled specifies whether vTPM should be enabled on the virtual machine. - When true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline. - The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. - This is required to be set to Enabled if SecurityEncryptionType is defined. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - type: object - type: object - spotVMOptions: - description: SpotVMOptions allows the ability to specify the Machine - should use a Spot VM - properties: - evictionPolicy: - description: EvictionPolicy defines the behavior of the virtual - machine when it is evicted. It can be either Delete or Deallocate. 
- enum: - - Deallocate - - Delete - type: string - maxPrice: - anyOf: - - type: integer - - type: string - description: MaxPrice defines the maximum price the user is willing - to pay for Spot VM instances - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - sshPublicKey: - description: |- - SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only. - Refer to documentation on how to set up SSH access on Windows instances. - type: string - subnetName: - description: 'Deprecated: SubnetName should be set in the networkInterfaces - field.' - type: string - systemAssignedIdentityRole: - description: SystemAssignedIdentityRole defines the role and scope - to assign to the system-assigned identity. - properties: - definitionID: - description: |- - DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role. - Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - type: string - name: - description: |- - Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID. - If not specified, a random UUID will be generated. - type: string - scope: - description: |- - Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance. - If not specified, the scope will be the subscription. - type: string - type: object - userAssignedIdentities: - description: |- - UserAssignedIdentities is a list of standalone Azure identities provided by the user - The lifecycle of a user-assigned identity is managed separately from the lifecycle of - the AzureMachine. 
- See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli - items: - description: |- - UserAssignedIdentity defines the user-assigned identities provided - by the user to be assigned to Azure resources. - properties: - providerID: - description: |- - ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: - 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' - type: string - required: - - providerID - type: object - type: array - vmExtensions: - description: VMExtensions specifies a list of extensions to be added - to the virtual machine. - items: - description: VMExtension specifies the parameters for a custom VM - extension. - properties: - name: - description: Name is the name of the extension. - type: string - protectedSettings: - additionalProperties: - type: string - description: ProtectedSettings is a JSON formatted protected - settings for the extension. - type: object - publisher: - description: Publisher is the name of the extension handler - publisher. - type: string - settings: - additionalProperties: - type: string - description: Settings is a JSON formatted public settings for - the extension. - type: object - version: - description: Version specifies the version of the script handler. - type: string - required: - - name - - publisher - - version - type: object - type: array - vmSize: - type: string - required: - - osDisk - - vmSize - type: object - status: - description: AzureMachineStatus defines the observed state of AzureMachine. - properties: - addresses: - description: Addresses contains the Azure instance associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. 
- type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the AzureMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - ErrorReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. 
- type: string - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. - type: boolean - vmState: - description: VMState is the provisioning state of the Azure virtual - machine. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azureclusters.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureCluster - listKind: AzureClusterList - plural: azureclusters - singular: azurecluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - jsonPath: .spec.resourceGroup - name: Resource Group - priority: 1 - type: string - - jsonPath: .spec.subscriptionID - name: SubscriptionID - priority: 1 - type: string - - jsonPath: .spec.location - name: Location - priority: 1 - type: string - - description: Control Plane Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Time duration since creation of this 
AzureCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureCluster is the Schema for the azureclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterSpec defines the desired state of AzureCluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - GermanCloud: "AzureGermanCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. 
The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - bastionSpec: - description: BastionSpec encapsulates all things related to the Bastions - in the cluster. - properties: - azureBastion: - description: AzureBastion specifies how the Azure Bastion cloud - component should be configured. - properties: - enableTunneling: - default: false - description: EnableTunneling enables the native client support - feature for the Azure Bastion Host. Defaults to false. - type: boolean - name: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create an - Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated with - the object. - properties: - tag: - description: 'Tag specifies the value of the IP - tag associated with the public IP. Example: SQL.' - type: string - type: - description: 'Type specifies the IP tag type. Example: - FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - sku: - default: Basic - description: BastionHostSkuName configures the tier of the - Azure Bastion Host. Can be either Basic or Standard. Defaults - to Basic. - enum: - - Basic - - Standard - type: string - subnet: - description: SubnetSpec configures an Azure subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address space, - specified as one or more address prefixes in CIDR notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the subnet. - READ-ONLY - type: string - name: - description: Name defines a name for the subnet resource. 
- type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the NAT gateway. - READ-ONLY - type: string - ip: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of - the IP tag associated with the public - IP. Example: SQL.' - type: string - type: - description: 'Type specifies the IP tag - type. Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of private - endpoints that should be attached to this subnet. - items: - description: PrivateEndpointSpec configures an Azure - Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which the private - endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with the - private endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. 
- type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service - connection associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) - of the group(s) obtained from the remote - resource that this private endpoint should - connect to. - items: - type: string - type: array - name: - description: Name specifies the name of the - private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource - with the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - cluster - type: string - routeTable: - description: RouteTable defines the route table that should - be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the route table. - READ-ONLY - type: string - name: - type: string - required: - - name - type: object - securityGroup: - description: SecurityGroup defines the NSG (network security - group) that should be attached to this subnet. 
- properties: - id: - description: |- - ID is the Azure resource ID of the security group. - READ-ONLY - type: string - name: - type: string - securityRules: - description: SecurityRules is a slice of Azure security - rules for security groups. - items: - description: SecurityRule defines an Azure security - rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether network - traffic is allowed or denied. Can either be - "Allow" or "Deny". Defaults to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. Restricted - to 140 chars. - type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination IP range. - Asterix '*' can also be used to match all - source IPs. Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can also - be used. - type: string - destinationPorts: - description: DestinationPorts specifies the - destination port or range. Integer or range - between 0 and 65535. Asterix '*' can also - be used to match all ports. - type: string - direction: - description: Direction indicates whether the - rule applies to inbound, or outbound traffic. - "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within the - network security group. - type: string - priority: - description: Priority is a number between 100 - and 4096. Each rule should have a unique value - for priority. Rules are processed in priority - order, with lower numbers processed before - higher numbers. Once traffic matches a rule, - processing stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol - type. "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR or source - IP range. Asterix '*' can also be used to - match all source IPs. 
Default tags such as - 'VirtualNetwork', 'AzureLoadBalancer' and - 'Internet' can also be used. If this is an - ingress rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source port - or range. Integer or range between 0 and 65535. - Asterix '*' can also be used to match all - ports. - type: string - sources: - description: Sources specifies The CIDR or source - IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - required: - - name - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure - Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: object - type: object - cloudProviderConfigOverrides: - description: |- - CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config. - This is only a subset of options that are available in azure cloud provider config. - Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides. - See: https://cloud-provider-azure.sigs.k8s.io/install/configs - Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider. 
- properties: - backOffs: - description: BackOffConfig indicates the back-off config options. - properties: - cloudProviderBackoff: - type: boolean - cloudProviderBackoffDuration: - type: integer - cloudProviderBackoffExponent: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffJitter: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffRetries: - type: integer - type: object - rateLimits: - items: - description: |- - RateLimitSpec represents the rate limit configuration for a particular kind of resource. - Eg. loadBalancerRateLimit is used to configure rate limits for load balancers. - This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects. - See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 - We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools. - See: https://github.com/kubernetes-sigs/controller-tools/issues/245 - properties: - config: - description: RateLimitConfig indicates the rate limit config - options. 
- properties: - cloudProviderRateLimit: - type: boolean - cloudProviderRateLimitBucket: - type: integer - cloudProviderRateLimitBucketWrite: - type: integer - cloudProviderRateLimitQPS: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderRateLimitQPSWrite: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - name: - description: Name is the name of the rate limit spec. - enum: - - defaultRateLimit - - routeRateLimit - - subnetsRateLimit - - interfaceRateLimit - - routeTableRateLimit - - loadBalancerRateLimit - - publicIPAddressRateLimit - - securityGroupRateLimit - - virtualMachineRateLimit - - storageAccountRateLimit - - diskRateLimit - - snapshotRateLimit - - virtualMachineScaleSetRateLimit - - virtualMachineSizesRateLimit - - availabilitySetRateLimit - type: string - required: - - name - type: object - type: array - type: object - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. It is not recommended to set - this when creating an AzureCluster as CAPZ will set this for you. However, if it is set, CAPZ will not change it. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - extendedLocation: - description: ExtendedLocation is an optional set of ExtendedLocation - properties for clusters on Azure public MEC. - properties: - name: - description: Name defines the name for the extended location. 
- type: string - type: - description: Type defines the type for the extended location. - enum: - - EdgeZone - type: string - required: - - name - - type - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains is a list of failure domains in the cluster's region, used to restrict - eligibility to host the control plane. A FailureDomain maps to an availability zone, - which is a separated group of datacenters within a region. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - type: object - identityRef: - description: IdentityRef is a reference to an AzureIdentity to be - used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. 
- TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - networkSpec: - description: NetworkSpec encapsulates all things related to Azure - network. - properties: - apiServerLB: - description: APIServerLB is the configuration for the control-plane - load balancer. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. - properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. 
- properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - controlPlaneOutboundLB: - description: |- - ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer. - This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. 
- properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - nodeOutboundLB: - description: NodeOutboundLB is the configuration for the node - outbound load balancer. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. 
- properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - privateDNSZoneName: - description: PrivateDNSZoneName defines the zone name for the - Azure Private DNS. - type: string - subnets: - description: Subnets is the configuration for the control-plane - subnet and the node subnet. - items: - description: SubnetSpec configures an Azure subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address space, - specified as one or more address prefixes in CIDR notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the subnet. - READ-ONLY - type: string - name: - description: Name defines a name for the subnet resource. 
- type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the NAT gateway. - READ-ONLY - type: string - ip: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of private - endpoints that should be attached to this subnet. - items: - description: PrivateEndpointSpec configures an Azure Private - Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies the - Application security group in which the private - endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with the private - endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. 
- type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service connection - associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) of - the group(s) obtained from the remote resource - that this private endpoint should connect - to. - items: - type: string - type: array - name: - description: Name specifies the name of the - private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource - with the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - cluster - type: string - routeTable: - description: RouteTable defines the route table that should - be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the route table. - READ-ONLY - type: string - name: - type: string - required: - - name - type: object - securityGroup: - description: SecurityGroup defines the NSG (network security - group) that should be attached to this subnet. 
- properties: - id: - description: |- - ID is the Azure resource ID of the security group. - READ-ONLY - type: string - name: - type: string - securityRules: - description: SecurityRules is a slice of Azure security - rules for security groups. - items: - description: SecurityRule defines an Azure security - rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether network - traffic is allowed or denied. Can either be - "Allow" or "Deny". Defaults to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. Restricted - to 140 chars. - type: string - destination: - description: Destination is the destination address - prefix. CIDR or destination IP range. Asterix - '*' can also be used to match all source IPs. - Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies the destination - port or range. Integer or range between 0 and - 65535. Asterix '*' can also be used to match - all ports. - type: string - direction: - description: Direction indicates whether the rule - applies to inbound, or outbound traffic. "Inbound" - or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within the - network security group. - type: string - priority: - description: Priority is a number between 100 - and 4096. Each rule should have a unique value - for priority. Rules are processed in priority - order, with lower numbers processed before higher - numbers. Once traffic matches a rule, processing - stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol type. - "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR or source - IP range. Asterix '*' can also be used to match - all source IPs. 
Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can also - be used. If this is an ingress rule, specifies - where network traffic originates from. - type: string - sourcePorts: - description: SourcePorts specifies source port - or range. Integer or range between 0 and 65535. - Asterix '*' can also be used to match all ports. - type: string - sources: - description: Sources specifies The CIDR or source - IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - required: - - name - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure Service - Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnet: - description: Vnet is the configuration for the Azure virtual network. - properties: - cidrBlocks: - description: CIDRBlocks defines the virtual network's address - space, specified as one or more address prefixes in CIDR - notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the virtual network. - READ-ONLY - type: string - name: - description: Name defines a name for the virtual network resource. - type: string - peerings: - description: Peerings defines a list of peerings of the newly - created virtual network with existing virtual networks. 
- items: - description: VnetPeeringSpec specifies an existing remote - virtual network to peer with the AzureCluster's virtual - network. - properties: - forwardPeeringProperties: - description: |- - ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the - remote virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - remoteVnetName: - description: RemoteVnetName defines name of the remote - virtual network. - type: string - resourceGroup: - description: ResourceGroup is the resource group name - of the remote virtual network. - type: string - reversePeeringProperties: - description: |- - ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the - cluster's virtual network. 
- properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - required: - - remoteVnetName - type: object - type: array - resourceGroup: - description: |- - ResourceGroup is the name of the resource group of the existing virtual network - or the resource group where a managed virtual network should be created. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the resource. - type: object - required: - - name - type: object - type: object - resourceGroup: - type: string - subscriptionID: - type: string - required: - - location - type: object - status: - description: AzureClusterStatus defines the observed state of AzureCluster. - properties: - conditions: - description: Conditions defines current service state of the AzureCluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. 
- type: boolean - type: object - description: |- - FailureDomains specifies the list of unique failure domains for the location/region of the cluster. - A FailureDomain maps to Availability Zone with an Azure Region (if the region support them). An - Availability Zone is a separate data center within a region and they can be used to ensure - the cluster is more resilient to failure. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - This list will be used by Cluster API to try and spread the machines across the failure domains. - type: object - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. 
- type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azureclustertemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureClusterTemplate - listKind: AzureClusterTemplateList - plural: azureclustertemplates - singular: azureclustertemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureClusterTemplate is the Schema for the azureclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. - properties: - template: - description: AzureClusterTemplateResource describes the data needed - to create an AzureCluster from a template. - properties: - spec: - description: AzureClusterTemplateResourceSpec specifies an Azure - cluster template resource. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - GermanCloud: "AzureGermanCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - bastionSpec: - description: BastionSpec encapsulates all things related to - the Bastions in the cluster. - properties: - azureBastion: - description: AzureBastionTemplateSpec specifies a template - for an Azure Bastion host. 
- properties: - subnet: - description: SubnetTemplateSpec specifies a template - for a subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address - space, specified as one or more address prefixes - in CIDR notation. - items: - type: string - type: array - name: - description: Name defines a name for the subnet - resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of - private endpoints that should be attached to - this subnet. - items: - description: PrivateEndpointSpec configures - an Azure Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which - the private endpoint IP configuration - is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName - specifies the network interface name associated - with the private endpoint. - type: string - location: - description: Location specifies the region - to create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of - the private endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. 
- items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections - specifies Private Link Service Connections - of the private endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the - ID(s) of the group(s) obtained from - the remote resource that this private - endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name - of the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID - specifies the resource ID of the - private link service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of - the remote resource with the private - endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. - Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - cluster - type: string - securityGroup: - description: SecurityGroup defines the NSG (network - security group) that should be attached to this - subnet. - properties: - securityRules: - description: SecurityRules is a slice of Azure - security rules for security groups. - items: - description: SecurityRule defines an Azure - security rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether - network traffic is allowed or denied. - Can either be "Allow" or "Deny". Defaults - to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this - rule. Restricted to 140 chars. 
- type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination - IP range. Asterix '*' can also be - used to match all source IPs. Default - tags such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies - the destination port or range. Integer - or range between 0 and 65535. Asterix - '*' can also be used to match all - ports. - type: string - direction: - description: Direction indicates whether - the rule applies to inbound, or outbound - traffic. "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within - the network security group. - type: string - priority: - description: Priority is a number between - 100 and 4096. Each rule should have - a unique value for priority. Rules - are processed in priority order, with - lower numbers processed before higher - numbers. Once traffic matches a rule, - processing stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the - protocol type. "Tcp", "Udp", "Icmp", - or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR - or source IP range. Asterix '*' can - also be used to match all source IPs. - Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' - can also be used. If this is an ingress - rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source - port or range. Integer or range between - 0 and 65535. Asterix '*' can also - be used to match all ports. - type: string - sources: - description: Sources specifies The CIDR - or source IP ranges. 
- items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the - subnets. - items: - description: ServiceEndpointSpec configures - an Azure Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: object - type: object - cloudProviderConfigOverrides: - description: |- - CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config. - This is only a subset of options that are available in azure cloud provider config. - Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides. - See: https://cloud-provider-azure.sigs.k8s.io/install/configs - Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider. - properties: - backOffs: - description: BackOffConfig indicates the back-off config - options. 
- properties: - cloudProviderBackoff: - type: boolean - cloudProviderBackoffDuration: - type: integer - cloudProviderBackoffExponent: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffJitter: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffRetries: - type: integer - type: object - rateLimits: - items: - description: |- - RateLimitSpec represents the rate limit configuration for a particular kind of resource. - Eg. loadBalancerRateLimit is used to configure rate limits for load balancers. - This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects. - See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 - We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools. - See: https://github.com/kubernetes-sigs/controller-tools/issues/245 - properties: - config: - description: RateLimitConfig indicates the rate - limit config options. 
- properties: - cloudProviderRateLimit: - type: boolean - cloudProviderRateLimitBucket: - type: integer - cloudProviderRateLimitBucketWrite: - type: integer - cloudProviderRateLimitQPS: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderRateLimitQPSWrite: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - name: - description: Name is the name of the rate limit - spec. - enum: - - defaultRateLimit - - routeRateLimit - - subnetsRateLimit - - interfaceRateLimit - - routeTableRateLimit - - loadBalancerRateLimit - - publicIPAddressRateLimit - - securityGroupRateLimit - - virtualMachineRateLimit - - storageAccountRateLimit - - diskRateLimit - - snapshotRateLimit - - virtualMachineScaleSetRateLimit - - virtualMachineSizesRateLimit - - availabilitySetRateLimit - type: string - required: - - name - type: object - type: array - type: object - extendedLocation: - description: ExtendedLocation is an optional set of ExtendedLocation - properties for clusters on Azure public MEC. - properties: - name: - description: Name defines the name for the extended location. - type: string - type: - description: Type defines the type for the extended location. - enum: - - EdgeZone - type: string - required: - - name - - type - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes - an infrastructure provider might use or require. 
- type: object - controlPlane: - description: ControlPlane determines if this failure - domain is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains is a list of failure domains in the cluster's region, used to restrict - eligibility to host the control plane. A FailureDomain maps to an availability zone, - which is a separated group of datacenters within a region. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - type: object - identityRef: - description: IdentityRef is a reference to an AzureIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - networkSpec: - description: NetworkSpec encapsulates all things related to - Azure network. - properties: - apiServerLB: - description: APIServerLB is the configuration for the - control-plane load balancer. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. - format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - controlPlaneOutboundLB: - description: |- - ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer. - This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. - format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - nodeOutboundLB: - description: NodeOutboundLB is the configuration for the - node outbound load balancer. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. 
- format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - privateDNSZoneName: - description: PrivateDNSZoneName defines the zone name - for the Azure Private DNS. - type: string - subnets: - description: Subnets is the configuration for the control-plane - subnet and the node subnet. - items: - description: SubnetTemplateSpec specifies a template - for a subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address - space, specified as one or more address prefixes - in CIDR notation. - items: - type: string - type: array - name: - description: Name defines a name for the subnet - resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of - private endpoints that should be attached to this - subnet. - items: - description: PrivateEndpointSpec configures an - Azure Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which - the private endpoint IP configuration is - included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with - the private endpoint. - type: string - location: - description: Location specifies the region - to create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the - private endpoint. 
- type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections - specifies Private Link Service Connections - of the private endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the - ID(s) of the group(s) obtained from - the remote resource that this private - endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name - of the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link - service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of the - remote resource with the private endpoint - connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, - ControlPlane) - enum: - - node - - control-plane - - bastion - - cluster - type: string - securityGroup: - description: SecurityGroup defines the NSG (network - security group) that should be attached to this - subnet. - properties: - securityRules: - description: SecurityRules is a slice of Azure - security rules for security groups. - items: - description: SecurityRule defines an Azure - security rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether - network traffic is allowed or denied. 
- Can either be "Allow" or "Deny". Defaults - to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. - Restricted to 140 chars. - type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination - IP range. Asterix '*' can also be used - to match all source IPs. Default tags - such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies - the destination port or range. Integer - or range between 0 and 65535. Asterix - '*' can also be used to match all ports. - type: string - direction: - description: Direction indicates whether - the rule applies to inbound, or outbound - traffic. "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within - the network security group. - type: string - priority: - description: Priority is a number between - 100 and 4096. Each rule should have - a unique value for priority. Rules are - processed in priority order, with lower - numbers processed before higher numbers. - Once traffic matches a rule, processing - stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol - type. "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR - or source IP range. Asterix '*' can - also be used to match all source IPs. - Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can - also be used. If this is an ingress - rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source - port or range. Integer or range between - 0 and 65535. Asterix '*' can also be - used to match all ports. - type: string - sources: - description: Sources specifies The CIDR - or source IP ranges. 
- items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an - Azure Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnet: - description: Vnet is the configuration for the Azure virtual - network. - properties: - cidrBlocks: - description: CIDRBlocks defines the virtual network's - address space, specified as one or more address - prefixes in CIDR notation. - items: - type: string - type: array - peerings: - description: Peerings defines a list of peerings of - the newly created virtual network with existing - virtual networks. - items: - description: VnetPeeringClassSpec specifies a virtual - network peering class. - properties: - forwardPeeringProperties: - description: |- - ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the - remote virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. 
- type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - remoteVnetName: - description: RemoteVnetName defines name of - the remote virtual network. - type: string - resourceGroup: - description: ResourceGroup is the resource group - name of the remote virtual network. - type: string - reversePeeringProperties: - description: |- - ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the - cluster's virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. 
- If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - required: - - remoteVnetName - type: object - type: array - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - type: object - type: object - subscriptionID: - type: string - required: - - location - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremachinetemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachineTemplate - listKind: AzureMachineTemplateList - plural: azuremachinetemplates - singular: azuremachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachineTemplate is the Schema for the azuremachinetemplates - API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. - properties: - template: - description: AzureMachineTemplateResource describes the data needed - to create an AzureMachine from a template. - properties: - metadata: - description: |- - ObjectMeta is metadata that all persisted resources must have, which includes all objects - users must create. This is a copy of customizable fields from metav1.ObjectMeta. - - - ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, - which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases - and read-only fields which end up in the generated CRD validation, having it as a subset simplifies - the API and some issues that can impact user experience. - - - During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) - for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, - specifically `spec.metadata.creationTimestamp in body must be of type string: "null"`. 
- The investigation showed that `controller-tools@v2` behaves differently than its previous version - when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package. - - - In more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` - had validation properties, including for `creationTimestamp` (metav1.Time). - The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` - which breaks validation because the field isn't marked as nullable. - - - In future versions, controller-tools@v2 might allow overriding the type and validation for embedded - types. When that happens, this hack should be revisited. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - acceleratedNetworking: - description: 'Deprecated: AcceleratedNetworking should be - set in the networkInterfaces field.' - type: boolean - additionalCapabilities: - description: AdditionalCapabilities specifies additional capabilities - enabled or disabled on the virtual machine. - properties: - ultraSSDEnabled: - description: |- - UltraSSDEnabled enables or disables Azure UltraSSD capability for the virtual machine. 
- Defaults to true if Ultra SSD data disks are specified, - otherwise it doesn't set the capability on the VM. - type: boolean - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the - AzureMachine's value takes precedence. - type: object - allocatePublicIP: - description: AllocatePublicIP allows the ability to create - dynamic public ips for machines where this value is true. - type: boolean - capacityReservationGroupID: - description: |- - CapacityReservationGroupID specifies the capacity reservation group resource id that should be - used for allocating the virtual machine. - The field size should be greater than 0 and the field input must start with '/'. - The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. - The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively. - It is optional but may not be changed once set. - type: string - dataDisks: - description: DataDisk specifies the parameters that are used - to add one or more data disks to the machine - items: - description: DataDisk specifies the parameters that are - used to add one or more data disks to the machine. - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diskSizeGB: - description: DiskSizeGB is the size in GB to assign - to the data disk. - format: int32 - type: integer - lun: - description: |- - Lun Specifies the logical unit number of the data disk. 
This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. - The value must be between 0 and 63. - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk - parameters for the data disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed - disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - nameSuffix: - description: |- - NameSuffix is the suffix to be appended to the machine name to generate the disk name. - Each disk name will be in format _. 
- type: string - required: - - diskSizeGB - - nameSuffix - type: object - type: array - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - boot: - description: |- - Boot configures the boot diagnostics settings for the virtual machine. - This allows to configure capturing serial output from the virtual machine on boot. - This is useful for debugging software based launch issues. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - storageAccountType: - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - userManaged: - description: UserManaged provides a reference to the - user-managed storage account. - properties: - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - maxLength: 1024 - pattern: ^https:// - type: string - required: - - storageAccountURI - type: object - required: - - storageAccountType - type: object - type: object - disableExtensionOperations: - description: |- - DisableExtensionOperations specifies whether extension operations should be disabled on the virtual machine. - Use this setting only if VMExtensions are not supported by your image, as it disables CAPZ bootstrapping extension used for detecting Kubernetes bootstrap failure. 
- This may only be set to True when no extensions are configured on the virtual machine. - type: boolean - dnsServers: - description: DNSServers adds a list of DNS Server IP addresses - to the VM NICs. - items: - type: string - type: array - enableIPForwarding: - description: |- - EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine - to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller - manager). Default is false for disabled. - type: boolean - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, - as defined in Cluster API. This relates to an Azure Availability Zone - type: string - identity: - default: None - description: |- - Identity is the type of identity used for the virtual machine. - The type 'SystemAssigned' is an implicitly created identity. - The generated identity will be assigned a Subscription contributor role. - The type 'UserAssigned' is a standalone Azure resource provided by the user - and assigned to the VM - enum: - - None - - SystemAssigned - - UserAssigned - type: string - image: - description: |- - Image is used to provide details of an image to use during VM creation. - If image details are omitted the image will default the Azure Marketplace "capi" offer, - which is based on Ubuntu. - properties: - computeGallery: - description: ComputeGallery specifies an image to use - from the Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. 
- For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource - group containing the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the - subscription that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from - the Azure Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. 
- For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. - properties: - gallery: - description: Gallery specifies the name of the shared - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. 
- type: string - resourceGroup: - description: ResourceGroup specifies the resource - group containing the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the - subscription that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - networkInterfaces: - description: |- - NetworkInterfaces specifies a list of network interface configurations. - If left unspecified, the VM will get a single network interface with a - single IPConfig in the subnet specified in the cluster's node subnet field. - The primary interface will be the first networkInterface specified (index 0) in the list. - items: - description: NetworkInterface defines a network interface. - properties: - acceleratedNetworking: - description: |- - AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on - whether the requested VMSize supports accelerated networking. - If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error. 
- type: boolean - privateIPConfigs: - description: |- - PrivateIPConfigs specifies the number of private IP addresses to attach to the interface. - Defaults to 1 if not specified. - type: integer - subnetName: - description: SubnetName specifies the subnet in which - the new network interface will be placed. - type: string - type: object - type: array - osDisk: - description: OSDisk specifies the parameters for the operating - system disk of the machine - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diffDiskSettings: - description: DiffDiskSettings describe ephemeral disk - settings for the os disk. - properties: - option: - description: |- - Option enables ephemeral OS when set to "Local" - See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details - enum: - - Local - type: string - placement: - description: Placement specifies the ephemeral disk - placement for operating system disk. If placement - is specified, Option must be set to "Local". - enum: - - CacheDisk - - NvmeDisk - - ResourceDisk - type: string - required: - - option - type: object - diskSizeGB: - description: |- - DiskSizeGB is the size in GB to assign to the OS disk. - Will have a default of 30GB if not provided - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the OS disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed - disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. 
- properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - osType: - type: string - required: - - osType - type: object - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - roleAssignmentName: - description: 'Deprecated: RoleAssignmentName should be set - in the systemAssignedIdentityRole field.' - type: string - securityProfile: - description: SecurityProfile specifies the Security profile - settings for a virtual machine. - properties: - encryptionAtHost: - description: |- - This field indicates whether Host Encryption should be enabled - or disabled for a virtual machine or virtual machine scale set. - This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. - Default is disabled. - type: boolean - securityType: - description: |- - SecurityType specifies the SecurityType of the virtual machine. 
It has to be set to any specified value to - enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. - enum: - - ConfidentialVM - - TrustedLaunch - type: string - uefiSettings: - description: UefiSettings specifies the security settings - like secure boot and vTPM used while creating the virtual - machine. - properties: - secureBootEnabled: - description: |- - SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine. - Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - vTpmEnabled: - description: |- - VTpmEnabled specifies whether vTPM should be enabled on the virtual machine. - When true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline. - The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. - This is required to be set to Enabled if SecurityEncryptionType is defined. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - type: object - type: object - spotVMOptions: - description: SpotVMOptions allows the ability to specify the - Machine should use a Spot VM - properties: - evictionPolicy: - description: EvictionPolicy defines the behavior of the - virtual machine when it is evicted. It can be either - Delete or Deallocate. 
- enum: - - Deallocate - - Delete - type: string - maxPrice: - anyOf: - - type: integer - - type: string - description: MaxPrice defines the maximum price the user - is willing to pay for Spot VM instances - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - sshPublicKey: - description: |- - SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only. - Refer to documentation on how to set up SSH access on Windows instances. - type: string - subnetName: - description: 'Deprecated: SubnetName should be set in the - networkInterfaces field.' - type: string - systemAssignedIdentityRole: - description: SystemAssignedIdentityRole defines the role and - scope to assign to the system-assigned identity. - properties: - definitionID: - description: |- - DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role. - Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - type: string - name: - description: |- - Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID. - If not specified, a random UUID will be generated. - type: string - scope: - description: |- - Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance. - If not specified, the scope will be the subscription. - type: string - type: object - userAssignedIdentities: - description: |- - UserAssignedIdentities is a list of standalone Azure identities provided by the user - The lifecycle of a user-assigned identity is managed separately from the lifecycle of - the AzureMachine. 
- See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli - items: - description: |- - UserAssignedIdentity defines the user-assigned identities provided - by the user to be assigned to Azure resources. - properties: - providerID: - description: |- - ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: - 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' - type: string - required: - - providerID - type: object - type: array - vmExtensions: - description: VMExtensions specifies a list of extensions to - be added to the virtual machine. - items: - description: VMExtension specifies the parameters for a - custom VM extension. - properties: - name: - description: Name is the name of the extension. - type: string - protectedSettings: - additionalProperties: - type: string - description: ProtectedSettings is a JSON formatted protected - settings for the extension. - type: object - publisher: - description: Publisher is the name of the extension - handler publisher. - type: string - settings: - additionalProperties: - type: string - description: Settings is a JSON formatted public settings - for the extension. - type: object - version: - description: Version specifies the version of the script - handler. 
- type: string - required: - - name - - publisher - - version - type: object - type: array - vmSize: - type: string - required: - - osDisk - - vmSize - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azureclusteridentities.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureClusterIdentity - listKind: AzureClusterIdentityList - plural: azureclusteridentities - singular: azureclusteridentity - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Type of AzureClusterIdentity - jsonPath: .spec.type - name: Type - type: string - - description: Time duration since creation of this AzureClusterIdentity - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureClusterIdentity is the Schema for the azureclustersidentities - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterIdentitySpec defines the parameters that are - used to create an AzureIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify the namespaces the clusters are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: A nil or empty list indicates that AzureCluster cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - Selector is a selector of namespaces that AzureCluster can - use this Identity from. This is a standard Kubernetes LabelSelector, - a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. - - - A nil or empty selector indicates that AzureCluster cannot use this - AzureClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - certPath: - description: CertPath is the path where certificates exist. When set, - it takes precedence over ClientSecret for types that use certs like - ServicePrincipalCertificate. - type: string - clientID: - description: |- - ClientID is the service principal client ID. - Both User Assigned MSI and SP can use this field. - type: string - clientSecret: - description: ClientSecret is a secret reference which should contain - either a Service Principal password or certificate secret. - properties: - name: - description: name is unique within a namespace to reference a - secret resource. - type: string - namespace: - description: namespace defines the space within which the secret - name must be unique. 
- type: string - type: object - x-kubernetes-map-type: atomic - resourceID: - description: |- - ResourceID is the Azure resource ID for the User Assigned MSI resource. - Only applicable when type is UserAssignedMSI. - - - Deprecated: This field no longer has any effect. - type: string - tenantID: - description: TenantID is the service principal primary tenant id. - type: string - type: - description: |- - Type is the type of Azure Identity used. - ServicePrincipal, ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal or WorkloadIdentity. - enum: - - ServicePrincipal - - UserAssignedMSI - - ManualServicePrincipal - - ServicePrincipalCertificate - - WorkloadIdentity - type: string - required: - - clientID - - tenantID - - type - type: object - status: - description: AzureClusterIdentityStatus defines the observed state of - AzureClusterIdentity. - properties: - conditions: - description: Conditions defines current service state of the AzureClusterIdentity. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremachinepools.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachinePool - listKind: AzureMachinePoolList - plural: azuremachinepools - shortNames: - - amp - singular: azuremachinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: AzureMachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: AzureMachinePool replicas count - jsonPath: .status.ready - name: Ready - type: string - - description: Azure VMSS provisioning state - jsonPath: .status.provisioningState - name: State - type: string - - 
description: Cluster to which this AzureMachinePool belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - priority: 1 - type: string - - description: MachinePool object to which this AzureMachinePool belongs - jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name - name: MachinePool - priority: 1 - type: string - - description: Azure VMSS ID - jsonPath: .spec.providerID - name: VMSS ID - priority: 1 - type: string - - description: Azure VM Size - jsonPath: .spec.template.vmSize - name: VM Size - priority: 1 - type: string - - description: Time duration since creation of this AzureMachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachinePool is the Schema for the azuremachinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - Azure provider. 
If both the AzureCluster and the AzureMachine specify the same tag name with different values, the - AzureMachine's value takes precedence. - type: object - identity: - default: None - description: |- - Identity is the type of identity used for the Virtual Machine Scale Set. - The type 'SystemAssigned' is an implicitly created identity. - The generated identity will be assigned a Subscription contributor role. - The type 'UserAssigned' is a standalone Azure resource provided by the user - and assigned to the VM - enum: - - None - - SystemAssigned - - UserAssigned - type: string - location: - description: Location is the Azure region location e.g. westus2 - type: string - orchestrationMode: - default: Uniform - description: OrchestrationMode specifies the orchestration mode for - the Virtual Machine Scale Set - enum: - - Flexible - - Uniform - type: string - platformFaultDomainCount: - description: |- - PlatformFaultDomainCount specifies the number of fault domains that the Virtual Machine Scale Set can use. - The count determines the spreading algorithm of the Azure fault domain. - format: int32 - type: integer - providerID: - description: ProviderID is the identification ID of the Virtual Machine - Scale Set - type: string - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - roleAssignmentName: - description: 'Deprecated: RoleAssignmentName should be set in the - systemAssignedIdentityRole field.' - type: string - strategy: - default: - rollingUpdate: - deletePolicy: Oldest - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - description: The deployment strategy to use to replace existing AzureMachinePoolMachines - with new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. 
Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - default: Oldest - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default is Oldest - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - default: 1 - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - default: 0 - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. 
Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - default: RollingUpdate - description: Type of deployment. Currently the only supported - strategy is RollingUpdate - enum: - - RollingUpdate - type: string - type: object - systemAssignedIdentityRole: - description: SystemAssignedIdentityRole defines the role and scope - to assign to the system assigned identity. - properties: - definitionID: - description: |- - DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role. - Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - type: string - name: - description: |- - Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID. - If not specified, a random UUID will be generated. - type: string - scope: - description: |- - Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance. - If not specified, the scope will be the subscription. - type: string - type: object - template: - description: Template contains the details used to build a replica - virtual machine within the Machine Pool - properties: - acceleratedNetworking: - description: 'Deprecated: AcceleratedNetworking should be set - in the networkInterfaces field.' - type: boolean - dataDisks: - description: DataDisks specifies the list of data disks to be - created for a Virtual Machine - items: - description: DataDisk specifies the parameters that are used - to add one or more data disks to the machine. - properties: - cachingType: - description: CachingType specifies the caching requirements. 
- enum: - - None - - ReadOnly - - ReadWrite - type: string - diskSizeGB: - description: DiskSizeGB is the size in GB to assign to the - data disk. - format: int32 - type: integer - lun: - description: |- - Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. - The value must be between 0 and 63. - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the data disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. 
- enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - nameSuffix: - description: |- - NameSuffix is the suffix to be appended to the machine name to generate the disk name. - Each disk name will be in format _. - type: string - required: - - diskSizeGB - - nameSuffix - type: object - type: array - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - boot: - description: |- - Boot configures the boot diagnostics settings for the virtual machine. - This allows to configure capturing serial output from the virtual machine on boot. - This is useful for debugging software based launch issues. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - storageAccountType: - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - userManaged: - description: UserManaged provides a reference to the user-managed - storage account. - properties: - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. 
- maxLength: 1024 - pattern: ^https:// - type: string - required: - - storageAccountURI - type: object - required: - - storageAccountType - type: object - type: object - image: - description: |- - Image is used to provide details of an image to use during VM creation. - If image details are omitted the image will default the Azure Marketplace "capi" offer, - which is based on Ubuntu. - properties: - computeGallery: - description: ComputeGallery specifies an image to use from - the Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource group - containing the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. 
- Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from the - Azure Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. 
- properties: - gallery: - description: Gallery specifies the name of the shared - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - resourceGroup: - description: ResourceGroup specifies the resource group - containing the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. 
- minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - networkInterfaces: - description: |- - NetworkInterfaces specifies a list of network interface configurations. - If left unspecified, the VM will get a single network interface with a - single IPConfig in the subnet specified in the cluster's node subnet field. - The primary interface will be the first networkInterface specified (index 0) in the list. - items: - description: NetworkInterface defines a network interface. - properties: - acceleratedNetworking: - description: |- - AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on - whether the requested VMSize supports accelerated networking. - If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error. - type: boolean - privateIPConfigs: - description: |- - PrivateIPConfigs specifies the number of private IP addresses to attach to the interface. - Defaults to 1 if not specified. - type: integer - subnetName: - description: SubnetName specifies the subnet in which the - new network interface will be placed. - type: string - type: object - type: array - osDisk: - description: OSDisk contains the operating system disk information - for a Virtual Machine - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diffDiskSettings: - description: DiffDiskSettings describe ephemeral disk settings - for the os disk. - properties: - option: - description: |- - Option enables ephemeral OS when set to "Local" - See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details - enum: - - Local - type: string - placement: - description: Placement specifies the ephemeral disk placement - for operating system disk. 
If placement is specified, - Option must be set to "Local". - enum: - - CacheDisk - - NvmeDisk - - ResourceDisk - type: string - required: - - option - type: object - diskSizeGB: - description: |- - DiskSizeGB is the size in GB to assign to the OS disk. - Will have a default of 30GB if not provided - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the OS disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security profile - for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. 
- enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - osType: - type: string - required: - - osType - type: object - securityProfile: - description: SecurityProfile specifies the Security profile settings - for a virtual machine. - properties: - encryptionAtHost: - description: |- - This field indicates whether Host Encryption should be enabled - or disabled for a virtual machine or virtual machine scale set. - This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. - Default is disabled. - type: boolean - securityType: - description: |- - SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to - enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. - enum: - - ConfidentialVM - - TrustedLaunch - type: string - uefiSettings: - description: UefiSettings specifies the security settings - like secure boot and vTPM used while creating the virtual - machine. - properties: - secureBootEnabled: - description: |- - SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine. - Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - vTpmEnabled: - description: |- - VTpmEnabled specifies whether vTPM should be enabled on the virtual machine. - When true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline. - The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. - This is required to be set to Enabled if SecurityEncryptionType is defined. 
- If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - type: object - type: object - spotVMOptions: - description: SpotVMOptions allows the ability to specify the Machine - should use a Spot VM - properties: - evictionPolicy: - description: EvictionPolicy defines the behavior of the virtual - machine when it is evicted. It can be either Delete or Deallocate. - enum: - - Deallocate - - Delete - type: string - maxPrice: - anyOf: - - type: integer - - type: string - description: MaxPrice defines the maximum price the user is - willing to pay for Spot VM instances - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - sshPublicKey: - description: |- - SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only. - Refer to documentation on how to set up SSH access on Windows instances. - type: string - subnetName: - description: 'Deprecated: SubnetName should be set in the networkInterfaces - field.' - type: string - terminateNotificationTimeout: - description: |- - TerminateNotificationTimeout enables or disables VMSS scheduled events termination notification with specified timeout - allowed values are between 5 and 15 (mins) - type: integer - vmExtensions: - description: VMExtensions specifies a list of extensions to be - added to the scale set. - items: - description: VMExtension specifies the parameters for a custom - VM extension. - properties: - name: - description: Name is the name of the extension. - type: string - protectedSettings: - additionalProperties: - type: string - description: ProtectedSettings is a JSON formatted protected - settings for the extension. - type: object - publisher: - description: Publisher is the name of the extension handler - publisher. 
- type: string - settings: - additionalProperties: - type: string - description: Settings is a JSON formatted public settings - for the extension. - type: object - version: - description: Version specifies the version of the script - handler. - type: string - required: - - name - - publisher - - version - type: object - type: array - vmSize: - description: |- - VMSize is the size of the Virtual Machine to build. - See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes - type: string - required: - - osDisk - - vmSize - type: object - userAssignedIdentities: - description: |- - UserAssignedIdentities is a list of standalone Azure identities provided by the user - The lifecycle of a user-assigned identity is managed separately from the lifecycle of - the AzureMachinePool. - See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli - items: - description: |- - UserAssignedIdentity defines the user-assigned identities provided - by the user to be assigned to Azure resources. - properties: - providerID: - description: |- - ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: - 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' - type: string - required: - - providerID - type: object - type: array - zoneBalance: - description: ZoneBalane dictates whether to force strictly even Virtual - Machine distribution cross x-zones in case there is zone outage. - type: boolean - required: - - location - - template - type: object - status: - description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. - properties: - conditions: - description: Conditions defines current service state of the AzureMachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the MachinePool and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachinePool's spec or the configuration of - the controller, and that manual intervention is required. 
Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of MachinePools - can be added as events to the MachinePool object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the MachinePool and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachinePool's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of MachinePools - can be added as events to the MachinePool object and/or logged in the - controller's output. - type: string - image: - description: |- - Image is the current image used in the AzureMachinePool. When the spec image is nil, this image is populated - with the details of the defaulted Azure Marketplace "capi" offer. - properties: - computeGallery: - description: ComputeGallery specifies an image to use from the - Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. 
- properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource group containing - the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from the Azure - Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization that - created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. 
- For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. - properties: - gallery: - description: Gallery specifies the name of the shared image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. 
- type: string - resourceGroup: - description: ResourceGroup specifies the resource group containing - the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - infrastructureMachineKind: - description: InfrastructureMachineKind is the kind of the infrastructure - resources behind MachinePool Machines. - type: string - instances: - description: Instances is the VM instance status for each VM in the - VMSS - items: - description: AzureMachinePoolInstanceStatus provides status information - for each instance in the VMSS. - properties: - instanceID: - description: InstanceID is the identification of the Machine - Instance within the VMSS - type: string - instanceName: - description: InstanceName is the name of the Machine Instance - within the VMSS - type: string - latestModelApplied: - description: |- - LatestModelApplied indicates the instance is running the most up-to-date VMSS model. 
A VMSS model describes - the image version the VM is running. If the instance is not running the latest model, it means the instance - may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated. - type: boolean - providerID: - description: ProviderID is the provider identification of the - VMSS Instance - type: string - provisioningState: - description: ProvisioningState is the provisioning state of - the Azure virtual machine instance. - type: string - version: - description: Version defines the Kubernetes version for the - VM Instance - type: string - required: - - latestModelApplied - type: object - type: array - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the state for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - provisioningState: - description: ProvisioningState is the provisioning state of the Azure - virtual machine. - type: string - ready: - description: Ready is true when the provider resource is ready. 
- type: boolean - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - version: - description: Version is the Kubernetes version for the current VMSS - model - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedMachinePool - listKind: AzureManagedMachinePoolList - plural: azuremanagedmachinepools - shortNames: - - ammp - singular: azuremanagedmachinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedMachinePool belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Time duration since creation of this AzureManagedMachinePool 
- jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.mode - name: Mode - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedMachinePoolSpec defines the desired state of - AzureManagedMachinePool. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the - Azure provider, in addition to the ones added by default. - type: object - asoManagedClustersAgentPoolPatches: - description: |- - ASOManagedClustersAgentPoolPatches defines JSON merge patches to be applied to the generated ASO ManagedClustersAgentPool resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - availabilityZones: - description: |- - AvailabilityZones - Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - Immutable. 
- items: - type: string - type: array - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost indicates whether host encryption is enabled on the node pool. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS indicates whether FIPS is enabled on the node pool. - Immutable. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP controls whether or not nodes in the pool each have a public IP address. - Immutable. - type: boolean - enableUltraSSD: - description: |- - EnableUltraSSD enables the storage type UltraSSD_LRS for the agent pool. - Immutable. - type: boolean - kubeletConfig: - description: |- - KubeletConfig specifies the kubelet configurations for nodes. - Immutable. - properties: - allowedUnsafeSysctls: - description: |- - AllowedUnsafeSysctls - Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in `*`). - Valid values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or `net.*`. - items: - type: string - type: array - containerLogMaxFiles: - description: ContainerLogMaxFiles - The maximum number of container - log files that can be present for a container. The number must - be ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: ContainerLogMaxSizeMB - The maximum size in MB of - a container log file before it is rotated. - type: integer - cpuCfsQuota: - description: CPUCfsQuota - Enable CPU CFS quota enforcement for - containers that specify CPU limits. - type: boolean - cpuCfsQuotaPeriod: - description: |- - CPUCfsQuotaPeriod - Sets CPU CFS quota period value. - Must end in "ms", e.g. "100ms" - type: string - cpuManagerPolicy: - description: CPUManagerPolicy - CPU Manager policy to use. 
- enum: - - none - - static - type: string - failSwapOn: - description: FailSwapOn - If set to true it will make the Kubelet - fail to start if swap is enabled on the node. - type: boolean - imageGcHighThreshold: - description: |- - ImageGcHighThreshold - The percent of disk usage after which image garbage collection is always run. - Valid values are 0-100 (inclusive). - maximum: 100 - minimum: 0 - type: integer - imageGcLowThreshold: - description: |- - ImageGcLowThreshold - The percent of disk usage before which image garbage collection is never run. - Valid values are 0-100 (inclusive) and must be less than `imageGcHighThreshold`. - maximum: 100 - minimum: 0 - type: integer - podMaxPids: - description: |- - PodMaxPids - The maximum number of processes per pod. - Must not exceed kernel PID limit. -1 disables the limit. - minimum: -1 - type: integer - topologyManagerPolicy: - description: TopologyManagerPolicy - Topology Manager policy to - use. - enum: - - none - - best-effort - - restricted - - single-numa-node - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType specifies the kubelet disk type. Default to OS. Possible values include: 'OS', 'Temporary'. - Requires Microsoft.ContainerService/KubeletDisk preview feature to be set. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: |- - LinuxOSConfig specifies the custom Linux OS settings and configurations. - Immutable. - properties: - swapFileSizeMB: - description: |- - SwapFileSizeMB specifies size in MB of a swap file will be created on the agent nodes from this node pool. - Max value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). - Must be at least 1. - See also [AKS doc]. 
- - - [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk - minimum: 1 - type: integer - sysctls: - description: Sysctl specifies the settings for Linux agent nodes. - properties: - fsAioMaxNr: - description: |- - FsAioMaxNr specifies the maximum number of system-wide asynchronous io requests. - Valid values are 65536-6553500 (inclusive). - Maps to fs.aio-max-nr. - maximum: 6553500 - minimum: 65536 - type: integer - fsFileMax: - description: |- - FsFileMax specifies the max number of file-handles that the Linux kernel will allocate, by increasing increases the maximum number of open files permitted. - Valid values are 8192-12000500 (inclusive). - Maps to fs.file-max. - maximum: 12000500 - minimum: 8192 - type: integer - fsInotifyMaxUserWatches: - description: |- - FsInotifyMaxUserWatches specifies the number of file watches allowed by the system. Each watch is roughly 90 bytes on a 32-bit kernel, and roughly 160 bytes on a 64-bit kernel. - Valid values are 781250-2097152 (inclusive). - Maps to fs.inotify.max_user_watches. - maximum: 2097152 - minimum: 781250 - type: integer - fsNrOpen: - description: |- - FsNrOpen specifies the maximum number of file-handles a process can allocate. - Valid values are 8192-20000500 (inclusive). - Maps to fs.nr_open. - maximum: 20000500 - minimum: 8192 - type: integer - kernelThreadsMax: - description: |- - KernelThreadsMax specifies the maximum number of all threads that can be created. - Valid values are 20-513785 (inclusive). - Maps to kernel.threads-max. - maximum: 513785 - minimum: 20 - type: integer - netCoreNetdevMaxBacklog: - description: |- - NetCoreNetdevMaxBacklog specifies maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel can process them. - Valid values are 1000-3240000 (inclusive). - Maps to net.core.netdev_max_backlog. 
- maximum: 3240000 - minimum: 1000 - type: integer - netCoreOptmemMax: - description: |- - NetCoreOptmemMax specifies the maximum ancillary buffer size (option memory buffer) allowed per socket. - Socket option memory is used in a few cases to store extra structures relating to usage of the socket. - Valid values are 20480-4194304 (inclusive). - Maps to net.core.optmem_max. - maximum: 4194304 - minimum: 20480 - type: integer - netCoreRmemDefault: - description: |- - NetCoreRmemDefault specifies the default receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreRmemMax: - description: |- - NetCoreRmemMax specifies the maximum receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreSomaxconn: - description: |- - NetCoreSomaxconn specifies maximum number of connection requests that can be queued for any given listening socket. - An upper limit for the value of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) function. - If the backlog argument is greater than the somaxconn, then it's silently truncated to this limit. - Valid values are 4096-3240000 (inclusive). - Maps to net.core.somaxconn. - maximum: 3240000 - minimum: 4096 - type: integer - netCoreWmemDefault: - description: |- - NetCoreWmemDefault specifies the default send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreWmemMax: - description: |- - NetCoreWmemMax specifies the maximum send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_max. 
- maximum: 134217728 - minimum: 212992 - type: integer - netIpv4IPLocalPortRange: - description: |- - NetIpv4IPLocalPortRange is used by TCP and UDP traffic to choose the local port on the agent node. - PortRange should be specified in the format "first last". - First, being an integer, must be between [1024 - 60999]. - Last, being an integer, must be between [32768 - 65000]. - Maps to net.ipv4.ip_local_port_range. - type: string - netIpv4NeighDefaultGcThresh1: - description: |- - NetIpv4NeighDefaultGcThresh1 specifies the minimum number of entries that may be in the ARP cache. - Garbage collection won't be triggered if the number of entries is below this setting. - Valid values are 128-80000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh1. - maximum: 80000 - minimum: 128 - type: integer - netIpv4NeighDefaultGcThresh2: - description: |- - NetIpv4NeighDefaultGcThresh2 specifies soft maximum number of entries that may be in the ARP cache. - ARP garbage collection will be triggered about 5 seconds after reaching this soft maximum. - Valid values are 512-90000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh2. - maximum: 90000 - minimum: 512 - type: integer - netIpv4NeighDefaultGcThresh3: - description: |- - NetIpv4NeighDefaultGcThresh3 specified hard maximum number of entries in the ARP cache. - Valid values are 1024-100000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh3. - maximum: 100000 - minimum: 1024 - type: integer - netIpv4TCPFinTimeout: - description: |- - NetIpv4TCPFinTimeout specifies the length of time an orphaned connection will remain in the FIN_WAIT_2 state before it's aborted at the local end. - Valid values are 5-120 (inclusive). - Maps to net.ipv4.tcp_fin_timeout. - maximum: 120 - minimum: 5 - type: integer - netIpv4TCPKeepaliveProbes: - description: |- - NetIpv4TCPKeepaliveProbes specifies the number of keepalive probes TCP sends out, until it decides the connection is broken. - Valid values are 1-15 (inclusive). 
- Maps to net.ipv4.tcp_keepalive_probes. - maximum: 15 - minimum: 1 - type: integer - netIpv4TCPKeepaliveTime: - description: |- - NetIpv4TCPKeepaliveTime specifies the rate at which TCP sends out a keepalive message when keepalive is enabled. - Valid values are 30-432000 (inclusive). - Maps to net.ipv4.tcp_keepalive_time. - maximum: 432000 - minimum: 30 - type: integer - netIpv4TCPMaxSynBacklog: - description: |- - NetIpv4TCPMaxSynBacklog specifies the maximum number of queued connection requests that have still not received an acknowledgment from the connecting client. - If this number is exceeded, the kernel will begin dropping requests. - Valid values are 128-3240000 (inclusive). - Maps to net.ipv4.tcp_max_syn_backlog. - maximum: 3240000 - minimum: 128 - type: integer - netIpv4TCPMaxTwBuckets: - description: |- - NetIpv4TCPMaxTwBuckets specifies maximal number of timewait sockets held by system simultaneously. - If this number is exceeded, time-wait socket is immediately destroyed and warning is printed. - Valid values are 8000-1440000 (inclusive). - Maps to net.ipv4.tcp_max_tw_buckets. - maximum: 1440000 - minimum: 8000 - type: integer - netIpv4TCPTwReuse: - description: |- - NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT sockets for new connections when it's safe from protocol viewpoint. - Maps to net.ipv4.tcp_tw_reuse. - type: boolean - netIpv4TCPkeepaliveIntvl: - description: |- - NetIpv4TCPkeepaliveIntvl specifies the frequency of the probes sent out. - Multiplied by tcpKeepaliveprobes, it makes up the time to kill a connection that isn't responding, after probes started. - Valid values are 1-75 (inclusive). - Maps to net.ipv4.tcp_keepalive_intvl. - maximum: 75 - minimum: 1 - type: integer - netNetfilterNfConntrackBuckets: - description: |- - NetNetfilterNfConntrackBuckets specifies the size of hash table used by nf_conntrack module to record the established connection record of the TCP protocol. - Valid values are 65536-147456 (inclusive). 
- Maps to net.netfilter.nf_conntrack_buckets. - maximum: 147456 - minimum: 65536 - type: integer - netNetfilterNfConntrackMax: - description: |- - NetNetfilterNfConntrackMax specifies the maximum number of connections supported by the nf_conntrack module or the size of connection tracking table. - Valid values are 131072-1048576 (inclusive). - Maps to net.netfilter.nf_conntrack_max. - maximum: 1048576 - minimum: 131072 - type: integer - vmMaxMapCount: - description: |- - VMMaxMapCount specifies the maximum number of memory map areas a process may have. - Maps to vm.max_map_count. - Valid values are 65530-262144 (inclusive). - maximum: 262144 - minimum: 65530 - type: integer - vmSwappiness: - description: |- - VMSwappiness specifies aggressiveness of the kernel in swapping memory pages. - Higher values will increase aggressiveness, lower values decrease the amount of swap. - Valid values are 0-100 (inclusive). - Maps to vm.swappiness. - maximum: 100 - minimum: 0 - type: integer - vmVfsCachePressure: - description: |- - VMVfsCachePressure specifies the percentage value that controls tendency of the kernel to reclaim the memory, which is used for caching of directory and inode objects. - Valid values are 1-500 (inclusive). - Maps to vm.vfs_cache_pressure. - maximum: 500 - minimum: 1 - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag specifies whether the kernel should make aggressive use of memory compaction to make more hugepages available. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - defer - - defer+madvise - - madvise - - never - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled specifies various modes of Transparent Hugepages. - See also [Linux doc]. 
- - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - madvise - - never - type: string - type: object - maxPods: - description: |- - MaxPods specifies the kubelet `--max-pods` configuration for the node pool. - Immutable. - See also [AKS doc], [K8s doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters - [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ - type: integer - mode: - description: 'Mode represents the mode of an agent pool. Possible - values include: System, User.' - enum: - - System - - User - type: string - name: - description: |- - Name is the name of the agent pool. If not specified, CAPZ uses the name of the CR as the agent pool name. - Immutable. - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - Node labels represent the labels for all of the nodes present in node pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID specifies the public IP prefix resource ID which VM nodes should use IPs from. - Immutable. - type: string - osDiskSizeGB: - description: |- - OSDiskSizeGB is the disk size for every machine in this agent pool. - If you specify 0, it will apply the default osDisk size according to the vmSize specified. - Immutable. - type: integer - osDiskType: - default: Managed - description: |- - OsDiskType specifies the OS disk type for each node in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os - enum: - - Ephemeral - - Managed - type: string - osType: - description: |- - OSType specifies the virtual machine operating system. Default to Linux. 
Possible values include: 'Linux', 'Windows'. - 'Windows' requires the AzureManagedControlPlane's `spec.networkPlugin` to be `azure`. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype - enum: - - Linux - - Windows - type: string - providerIDList: - description: ProviderIDList is the unique identifier as specified - by the cloud provider. - items: - type: string - type: array - scaleDownMode: - default: Delete - description: 'ScaleDownMode affects the cluster autoscaler behavior. - Default to Delete. Possible values include: ''Deallocate'', ''Delete''' - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: |- - ScaleSetPriority specifies the ScaleSetPriority value. Default to Regular. Possible values include: 'Regular', 'Spot' - Immutable. - enum: - - Regular - - Spot - type: string - scaling: - description: Scaling specifies the autoscaling parameters for the - node pool. - properties: - maxSize: - description: MaxSize is the maximum number of nodes for auto-scaling. - type: integer - minSize: - description: MinSize is the minimum number of nodes for auto-scaling. - type: integer - type: object - sku: - description: |- - SKU is the size of the VMs in the node pool. - Immutable. - type: string - spotMaxPrice: - anyOf: - - type: integer - - type: string - description: |- - SpotMaxPrice defines max price to pay for spot instance. Possible values are any decimal value greater than zero or -1. - If you set the max price to be -1, the VM won't be evicted based on price. The price for the VM will be the current price - for spot or the price for a standard VM, which ever is less, as long as there's capacity and quota available. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - subnetName: - description: |- - SubnetName specifies the Subnet where the MachinePool will be placed - Immutable. - type: string - taints: - description: |- - Taints specifies the taints for nodes present in this agent pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints - items: - description: Taint represents a Kubernetes taint. - properties: - effect: - description: Effect specifies the effect for the taint - enum: - - NoSchedule - - NoExecute - - PreferNoSchedule - type: string - key: - description: Key is the key of the taint - type: string - value: - description: Value is the value of the taint - type: string - required: - - effect - - key - - value - type: object - type: array - required: - - mode - - sku - type: object - status: - description: AzureManagedMachinePoolStatus defines the observed state - of AzureManagedMachinePool. - properties: - conditions: - description: Conditions defines current service state of the AzureManagedControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. 
- type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - errorMessage: - description: |- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - errorReason: - description: |- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. 
- Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. - type: boolean - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedclusters.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedCluster - listKind: AzureManagedClusterList - plural: azuremanagedclusters - shortNames: - - amc - singular: azuremanagedcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.ready - name: Ready - type: string - - description: Time duration since creation of this AzureManagedCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: 
v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedCluster is the Schema for the azuremanagedclusters - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. - properties: - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - Immutable, populated by the AKS API at create. - Because this field is programmatically set by CAPZ after resource creation, we define it as +optional - in the API schema to permit resource admission. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - type: object - status: - description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. - properties: - ready: - description: Ready is true when the provider resource is ready. 
- type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedControlPlane - listKind: AzureManagedControlPlaneList - plural: azuremanagedcontrolplanes - shortNames: - - amcp - singular: azuremanagedcontrolplane - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedControlPlane belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Time duration since creation of this AzureManagedControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes - API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedControlPlaneSpec defines the desired state of - AzureManagedControlPlane. - properties: - aadProfile: - description: AadProfile is Azure Active Directory configuration to - integrate with AKS for aad authentication. - properties: - adminGroupObjectIDs: - description: AdminGroupObjectIDs - AAD group object IDs that will - have admin role of the cluster. - items: - type: string - type: array - managed: - description: Managed - Whether to enable managed AAD. - type: boolean - required: - - adminGroupObjectIDs - - managed - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - addonProfiles: - description: AddonProfiles are the profiles of managed cluster add-on. - items: - description: AddonProfile represents a managed cluster add-on. - properties: - config: - additionalProperties: - type: string - description: Config - Key-value pairs for configuring the add-on. - type: object - enabled: - description: Enabled - Whether the add-on is enabled or not. 
- type: boolean - name: - description: Name - The name of the managed cluster add-on. - type: string - required: - - enabled - - name - type: object - type: array - apiServerAccessProfile: - description: |- - APIServerAccessProfile is the access profile for AKS API server. - Immutable except for `authorizedIPRanges`. - properties: - authorizedIPRanges: - description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes - API server. - items: - type: string - type: array - enablePrivateCluster: - description: EnablePrivateCluster indicates whether to create - the cluster as a private cluster or not. - type: boolean - enablePrivateClusterPublicFQDN: - description: EnablePrivateClusterPublicFQDN indicates whether - to create additional public FQDN for private cluster or not. - type: boolean - privateDNSZone: - description: PrivateDNSZone enables private dns zone mode for - private cluster. - type: string - type: object - asoManagedClusterPatches: - description: |- - ASOManagedClusterPatches defines JSON merge patches to be applied to the generated ASO ManagedCluster resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - autoUpgradeProfile: - description: AutoUpgradeProfile defines the auto upgrade configuration. - properties: - upgradeChannel: - description: UpgradeChannel determines the type of upgrade channel - for automatically upgrading the cluster. - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object - autoscalerProfile: - description: AutoscalerProfile is the parameters to be applied to - the cluster-autoscaler when enabled - properties: - balanceSimilarNodeGroups: - description: BalanceSimilarNodeGroups - Valid values are 'true' - and 'false'. The default is false. 
- enum: - - "true" - - "false" - type: string - expander: - description: Expander - If not specified, the default is 'random'. - See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) - for more information. - enum: - - least-waste - - most-pods - - priority - - random - type: string - maxEmptyBulkDelete: - description: MaxEmptyBulkDelete - The default is 10. - type: string - maxGracefulTerminationSec: - description: MaxGracefulTerminationSec - The default is 600. - pattern: ^(\d+)$ - type: string - maxNodeProvisionTime: - description: MaxNodeProvisionTime - The default is '15m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - maxTotalUnreadyPercentage: - description: MaxTotalUnreadyPercentage - The default is 45. The - maximum is 100 and the minimum is 0. - maxLength: 3 - minLength: 1 - pattern: ^(\d+)$ - type: string - newPodScaleUpDelay: - description: NewPodScaleUpDelay - For scenarios like burst/batch - scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled - pods before they're a certain age. The default is '0s'. Values - must be an integer followed by a unit ('s' for seconds, 'm' - for minutes, 'h' for hours, etc). - type: string - okTotalUnreadyCount: - description: OkTotalUnreadyCount - This must be an integer. The - default is 3. - pattern: ^(\d+)$ - type: string - scaleDownDelayAfterAdd: - description: ScaleDownDelayAfterAdd - The default is '10m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownDelayAfterDelete: - description: ScaleDownDelayAfterDelete - The default is the scan-interval. - Values must be an integer followed by an 's'. No unit of time - other than seconds (s) is supported. 
- pattern: ^(\d+)s$ - type: string - scaleDownDelayAfterFailure: - description: ScaleDownDelayAfterFailure - The default is '3m'. - Values must be an integer followed by an 'm'. No unit of time - other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnneededTime: - description: ScaleDownUnneededTime - The default is '10m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnreadyTime: - description: ScaleDownUnreadyTime - The default is '20m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUtilizationThreshold: - description: ScaleDownUtilizationThreshold - The default is '0.5'. - type: string - scanInterval: - description: ScanInterval - How often cluster is reevaluated for - scale up or down. The default is '10s'. - pattern: ^(\d+)s$ - type: string - skipNodesWithLocalStorage: - description: SkipNodesWithLocalStorage - The default is false. - enum: - - "true" - - "false" - type: string - skipNodesWithSystemPods: - description: SkipNodesWithSystemPods - The default is true. - enum: - - "true" - - "false" - type: string - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. 
The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - Immutable, populated by the AKS API at create. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - disableLocalAccounts: - description: DisableLocalAccounts disables getting static credentials - for this cluster when set. Expected to only be used for AAD clusters. - type: boolean - dnsPrefix: - description: |- - DNSPrefix allows the user to customize dns prefix. - Immutable. - type: string - dnsServiceIP: - description: |- - DNSServiceIP is an IP address assigned to the Kubernetes DNS service. - It must be within the Kubernetes service address range specified in serviceCidr. - Immutable. - type: string - enablePreviewFeatures: - description: EnablePreviewFeatures enables preview features for the - cluster. - type: boolean - extensions: - description: Extensions is a list of AKS extensions to be installed - on the cluster. - items: - description: |- - AKSExtension represents the configuration for an AKS cluster extension. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions - properties: - aksAssignedIdentityType: - description: AKSAssignedIdentityType is the type of the AKS - assigned identity. 
- enum: - - SystemAssigned - - UserAssigned - type: string - autoUpgradeMinorVersion: - default: true - description: AutoUpgradeMinorVersion is a flag to note if this - extension participates in auto upgrade of minor version, or - not. - type: boolean - configurationSettings: - additionalProperties: - type: string - description: ConfigurationSettings are the name-value pairs - for configuring this extension. - type: object - extensionType: - description: |- - ExtensionType is the type of the Extension of which this resource is an instance. - It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. - type: string - identity: - description: Identity is the identity type of the Extension - resource in an AKS cluster. - enum: - - SystemAssigned - type: string - name: - description: Name is the name of the extension. - type: string - plan: - description: Plan is the plan of the extension. - properties: - name: - description: Name is the user-defined name of the 3rd Party - Artifact that is being procured. - type: string - product: - description: Product is the name of the 3rd Party artifact - that is being procured. - type: string - promotionCode: - description: PromotionCode is a publisher-provided promotion - code as provisioned in Data Market for the said product/artifact. - type: string - publisher: - description: Publisher is the name of the publisher of the - 3rd Party Artifact that is being bought. - type: string - version: - description: Version is the version of the plan. - type: string - type: object - releaseTrain: - description: |- - ReleaseTrain is the release train this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - This is only used if autoUpgradeMinorVersion is ‘true’. - type: string - scope: - description: Scope is the scope at which this extension is enabled. 
- properties: - releaseNamespace: - description: |- - ReleaseNamespace is the namespace where the extension Release must be placed, for a Cluster-scoped extension. - Required for Cluster-scoped extensions. - type: string - scopeType: - description: ScopeType is the scope of the extension. It - can be either Cluster or Namespace, but not both. - enum: - - Cluster - - Namespace - type: string - targetNamespace: - description: |- - TargetNamespace is the namespace where the extension will be created for a Namespace-scoped extension. - Required for Namespace-scoped extensions. - type: string - required: - - scopeType - type: object - version: - description: Version is the version of the extension. - type: string - required: - - extensionType - - name - type: object - type: array - fleetsMember: - description: |- - FleetsMember is the spec for the fleet this cluster is a member of. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members - properties: - group: - description: Group is the group this member belongs to for multi-cluster - update management. - type: string - managerName: - description: ManagerName is the name of the fleet manager. - type: string - managerResourceGroup: - description: ManagerResourceGroup is the resource group of the - fleet manager. - type: string - name: - description: Name is the name of the member. - type: string - required: - - managerName - - managerResourceGroup - type: object - httpProxyConfig: - description: |- - HTTPProxyConfig is the HTTP proxy configuration for the cluster. - Immutable. - properties: - httpProxy: - description: HTTPProxy is the HTTP proxy server endpoint to use. - type: string - httpsProxy: - description: HTTPSProxy is the HTTPS proxy server endpoint to - use. - type: string - noProxy: - description: NoProxy indicates the endpoints that should not go - through proxy. 
- items: - type: string - type: array - trustedCa: - description: TrustedCA is the alternative CA cert to use for connecting - to proxy servers. - type: string - type: object - identity: - description: Identity configuration used by the AKS control plane. - properties: - type: - description: Type - The Identity type to use. - enum: - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentityResourceID: - description: UserAssignedIdentityResourceID - Identity ARM resource - ID when using user-assigned identity. - type: string - type: object - identityRef: - description: IdentityRef is a reference to a AzureClusterIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeletUserAssignedIdentity: - description: |- - KubeletUserAssignedIdentity is the user-assigned identity for kubelet. - For authentication with Azure Container Registry. - type: string - loadBalancerProfile: - description: LoadBalancerProfile is the profile of the cluster load - balancer. - properties: - allocatedOutboundPorts: - description: AllocatedOutboundPorts - Desired number of allocated - SNAT ports per VM. Allowed values must be in the range of 0 - to 64000 (inclusive). The default value is 0 which results in - Azure dynamically allocating ports. - type: integer - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes - Desired outbound flow idle - timeout in minutes. Allowed values must be in the range of 4 - to 120 (inclusive). The default value is 30 minutes. - type: integer - managedOutboundIPs: - description: ManagedOutboundIPs - Desired managed outbound IPs - for the cluster load balancer. - type: integer - outboundIPPrefixes: - description: OutboundIPPrefixes - Desired outbound IP Prefix resources - for the cluster load balancer. - items: - type: string - type: array - outboundIPs: - description: OutboundIPs - Desired outbound IP resources for the - cluster load balancer. - items: - type: string - type: array - type: object - loadBalancerSKU: - default: Standard - description: |- - LoadBalancerSKU is the SKU of the loadBalancer to be provisioned. - Immutable. 
- enum: - - Basic - - Standard - type: string - location: - description: 'Location is a string matching one of the canonical Azure - region names. Examples: "westus2", "eastus".' - type: string - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - For the AzureManagedControlPlaneTemplate, this field is used - only to fulfill the CAPI contract. - type: object - networkDataplane: - description: NetworkDataplane is the dataplane used for building the - Kubernetes network. - enum: - - azure - - cilium - type: string - networkPlugin: - description: NetworkPlugin used for building Kubernetes network. - enum: - - azure - - kubenet - - none - type: string - networkPluginMode: - description: |- - NetworkPluginMode is the mode the network plugin should use. - Allowed value is "overlay". - enum: - - overlay - type: string - networkPolicy: - description: NetworkPolicy used for building Kubernetes network. - enum: - - azure - - calico - - cilium - type: string - nodeResourceGroupName: - description: |- - NodeResourceGroupName is the name of the resource group - containing cluster IaaS resources. Will be populated to default - in webhook. - Immutable. - type: string - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile of the Managed - Cluster. - properties: - enabled: - description: Enabled is whether the OIDC issuer is enabled. - type: boolean - type: object - outboundType: - description: Outbound configuration used by Nodes. - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting - type: string - resourceGroupName: - description: |- - ResourceGroupName is the name of the Azure resource group for this AKS Cluster. - Immutable. - type: string - securityProfile: - description: SecurityProfile defines the security profile for cluster. 
- properties: - azureKeyVaultKms: - description: AzureKeyVaultKms defines Azure Key Vault Management - Services Profile for the security profile. - properties: - enabled: - description: Enabled enables the Azure Key Vault key management - service. The default is false. - type: boolean - keyID: - description: |- - KeyID defines the Identifier of Azure Key Vault key. - When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. - type: string - keyVaultNetworkAccess: - default: Public - description: |- - KeyVaultNetworkAccess defines the network access of key vault. - The possible values are Public and Private. - Public means the key vault allows public access from all networks. - Private means the key vault disables public access and enables private link. The default value is Public. - type: string - keyVaultResourceID: - description: KeyVaultResourceID is the Resource ID of key - vault. When keyVaultNetworkAccess is Private, this field - is required and must be a valid resource ID. - type: string - required: - - enabled - - keyID - type: object - defender: - description: Defender settings for the security profile. - properties: - logAnalyticsWorkspaceResourceID: - description: |- - LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. - type: string - securityMonitoring: - description: SecurityMonitoring profile defines the Microsoft - Defender threat detection for Cloud settings for the security - profile. - properties: - enabled: - description: Enabled enables Defender threat detection - type: boolean - required: - - enabled - type: object - required: - - logAnalyticsWorkspaceResourceID - - securityMonitoring - type: object - imageCleaner: - description: ImageCleaner settings for the security profile. 
- properties: - enabled: - description: Enabled enables the Image Cleaner on AKS cluster. - type: boolean - intervalHours: - description: IntervalHours defines Image Cleaner scanning - interval in hours. Default value is 24 hours. - maximum: 2160 - minimum: 24 - type: integer - required: - - enabled - type: object - workloadIdentity: - description: Workloadidentity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. Ensure - to enable OIDC issuer while enabling Workload Identity - properties: - enabled: - description: Enabled enables the workload identity. - type: boolean - required: - - enabled - type: object - type: object - sku: - description: SKU is the SKU of the AKS to be provisioned. - properties: - tier: - description: Tier - Tier of an AKS cluster. - enum: - - Free - - Paid - - Standard - type: string - required: - - tier - type: object - sshPublicKey: - description: |- - SSHPublicKey is a string literal containing an ssh public key base64 encoded. - Use empty string to autogenerate new key. Use null value to not set key. - Immutable. - type: string - subscriptionID: - description: SubscriptionID is the GUID of the Azure subscription - that owns this cluster. - type: string - version: - description: Version defines the desired Kubernetes version. - minLength: 2 - type: string - virtualNetwork: - description: VirtualNetwork describes the virtual network for the - AKS cluster. It will be created if it does not already exist. - properties: - cidrBlock: - type: string - name: - description: Name is the name of the virtual network. - type: string - resourceGroup: - description: ResourceGroup is the name of the Azure resource group - for the VNet and Subnet. - type: string - subnet: - description: ManagedControlPlaneSubnet describes a subnet for - an AKS cluster. 
- properties: - cidrBlock: - type: string - name: - type: string - privateEndpoints: - description: PrivateEndpoints is a slice of Virtual Network - private endpoints to create for the subnets. - items: - description: PrivateEndpointSpec configures an Azure Private - Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies the - Application security group in which the private endpoint - IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies the - network interface name associated with the private - endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service connection - associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) of the - group(s) obtained from the remote resource that - this private endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name of the private - link service. 
- type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies the - resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource with - the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure Service - Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - cidrBlock - - name - type: object - required: - - cidrBlock - - name - type: object - required: - - identityRef - - location - - resourceGroupName - - version - type: object - status: - description: AzureManagedControlPlaneStatus defines the observed state - of AzureManagedControlPlane. - properties: - autoUpgradeVersion: - description: AutoUpgradeVersion is the Kubernetes version populated - after auto-upgrade based on the upgrade channel. - minLength: 2 - type: string - conditions: - description: Conditions defines current service state of the AzureManagedControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - initialized: - description: |- - Initialized is true when the control plane is available for initial contact. - This may occur before the control plane is fully ready. - In the AzureManagedControlPlane implementation, these are identical. - type: boolean - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. 
- type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile of the Managed - Cluster. - properties: - issuerURL: - description: IssuerURL is the OIDC issuer url of the Managed Cluster. - type: string - type: object - ready: - description: Ready is true when the provider resource is ready. - type: boolean - version: - description: Version defines the Kubernetes version for the control - plane instance. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachinePoolMachine - listKind: AzureMachinePoolMachineList - plural: 
azuremachinepoolmachines - shortNames: - - ampm - singular: azuremachinepoolmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Kubernetes version - jsonPath: .status.version - name: Version - type: string - - description: Flag indicating infrastructure is successfully provisioned - jsonPath: .status.ready - name: Ready - type: string - - description: Azure VMSS VM provisioning state - jsonPath: .status.provisioningState - name: State - type: string - - description: Cluster to which this AzureMachinePoolMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - priority: 1 - type: string - - description: Azure VMSS VM ID - jsonPath: .spec.providerID - name: VMSS VM ID - priority: 1 - type: string - - description: Time duration since creation of this AzureMachinePoolMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachinePoolMachine is the Schema for the azuremachinepoolmachines - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachinePoolMachineSpec defines the desired state of - AzureMachinePoolMachine. 
- properties: - instanceID: - description: InstanceID is the identification of the Machine Instance - within the VMSS - type: string - providerID: - description: ProviderID is the identification ID of the Virtual Machine - Scale Set - type: string - required: - - providerID - type: object - status: - description: AzureMachinePoolMachineStatus defines the observed state - of AzureMachinePoolMachine. - properties: - conditions: - description: Conditions defines current service state of the AzureMachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the MachinePool and will contain a more verbose string suitable - for logging and human consumption. - - - Any transient errors that occur during the reconciliation of MachinePools - can be added as events to the MachinePool object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the MachinePool machine and will contain a succinct value suitable - for machine interpretation. - - - Any transient errors that occur during the reconciliation of MachinePools - can be added as events to the MachinePool object and/or logged in the - controller's output. - type: string - instanceName: - description: InstanceName is the name of the Machine Instance within - the VMSS - type: string - latestModelApplied: - description: |- - LatestModelApplied indicates the instance is running the most up-to-date VMSS model. A VMSS model describes - the image version the VM is running. If the instance is not running the latest model, it means the instance - may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated. - type: boolean - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the state for Azure long running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. 
- type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - provisioningState: - description: ProvisioningState is the provisioning state of the Azure - virtual machine instance. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - version: - description: Version defines the Kubernetes version for the VM Instance - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedClusterTemplate - listKind: AzureManagedClusterTemplateList - plural: azuremanagedclustertemplates - shortNames: - - amct - singular: azuremanagedclustertemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates - API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedClusterTemplateSpec defines the desired state - of AzureManagedClusterTemplate. - properties: - template: - description: AzureManagedClusterTemplateResource describes the data - needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedClusterTemplateResourceSpec specifies - an Azure managed cluster template resource. 
- type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedControlPlaneTemplate - listKind: AzureManagedControlPlaneTemplateList - plural: azuremanagedcontrolplanetemplates - shortNames: - - amcpt - singular: azuremanagedcontrolplanetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedControlPlaneTemplateSpec defines the desired - state of AzureManagedControlPlaneTemplate. - properties: - template: - description: AzureManagedControlPlaneTemplateResource describes the - data needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedControlPlaneTemplateResourceSpec specifies - an Azure managed control plane template resource. - properties: - aadProfile: - description: AadProfile is Azure Active Directory configuration - to integrate with AKS for aad authentication. - properties: - adminGroupObjectIDs: - description: AdminGroupObjectIDs - AAD group object IDs - that will have admin role of the cluster. - items: - type: string - type: array - managed: - description: Managed - Whether to enable managed AAD. - type: boolean - required: - - adminGroupObjectIDs - - managed - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - addonProfiles: - description: AddonProfiles are the profiles of managed cluster - add-on. - items: - description: AddonProfile represents a managed cluster add-on. - properties: - config: - additionalProperties: - type: string - description: Config - Key-value pairs for configuring - the add-on. - type: object - enabled: - description: Enabled - Whether the add-on is enabled - or not. - type: boolean - name: - description: Name - The name of the managed cluster - add-on. - type: string - required: - - enabled - - name - type: object - type: array - apiServerAccessProfile: - description: |- - APIServerAccessProfile is the access profile for AKS API server. - Immutable except for `authorizedIPRanges`. 
- properties: - authorizedIPRanges: - description: AuthorizedIPRanges - Authorized IP Ranges - to kubernetes API server. - items: - type: string - type: array - enablePrivateCluster: - description: EnablePrivateCluster indicates whether to - create the cluster as a private cluster or not. - type: boolean - enablePrivateClusterPublicFQDN: - description: EnablePrivateClusterPublicFQDN indicates - whether to create additional public FQDN for private - cluster or not. - type: boolean - privateDNSZone: - description: PrivateDNSZone enables private dns zone mode - for private cluster. - type: string - type: object - asoManagedClusterPatches: - description: |- - ASOManagedClusterPatches defines JSON merge patches to be applied to the generated ASO ManagedCluster resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - autoUpgradeProfile: - description: AutoUpgradeProfile defines the auto upgrade configuration. - properties: - upgradeChannel: - description: UpgradeChannel determines the type of upgrade - channel for automatically upgrading the cluster. - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object - autoscalerProfile: - description: AutoscalerProfile is the parameters to be applied - to the cluster-autoscaler when enabled - properties: - balanceSimilarNodeGroups: - description: BalanceSimilarNodeGroups - Valid values are - 'true' and 'false'. The default is false. - enum: - - "true" - - "false" - type: string - expander: - description: Expander - If not specified, the default - is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) - for more information. 
- enum: - - least-waste - - most-pods - - priority - - random - type: string - maxEmptyBulkDelete: - description: MaxEmptyBulkDelete - The default is 10. - type: string - maxGracefulTerminationSec: - description: MaxGracefulTerminationSec - The default is - 600. - pattern: ^(\d+)$ - type: string - maxNodeProvisionTime: - description: MaxNodeProvisionTime - The default is '15m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - maxTotalUnreadyPercentage: - description: MaxTotalUnreadyPercentage - The default is - 45. The maximum is 100 and the minimum is 0. - maxLength: 3 - minLength: 1 - pattern: ^(\d+)$ - type: string - newPodScaleUpDelay: - description: NewPodScaleUpDelay - For scenarios like burst/batch - scale where you don't want CA to act before the kubernetes - scheduler could schedule all the pods, you can tell - CA to ignore unscheduled pods before they're a certain - age. The default is '0s'. Values must be an integer - followed by a unit ('s' for seconds, 'm' for minutes, - 'h' for hours, etc). - type: string - okTotalUnreadyCount: - description: OkTotalUnreadyCount - This must be an integer. - The default is 3. - pattern: ^(\d+)$ - type: string - scaleDownDelayAfterAdd: - description: ScaleDownDelayAfterAdd - The default is '10m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownDelayAfterDelete: - description: ScaleDownDelayAfterDelete - The default is - the scan-interval. Values must be an integer followed - by an 's'. No unit of time other than seconds (s) is - supported. - pattern: ^(\d+)s$ - type: string - scaleDownDelayAfterFailure: - description: ScaleDownDelayAfterFailure - The default - is '3m'. Values must be an integer followed by an 'm'. - No unit of time other than minutes (m) is supported. 
- pattern: ^(\d+)m$ - type: string - scaleDownUnneededTime: - description: ScaleDownUnneededTime - The default is '10m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnreadyTime: - description: ScaleDownUnreadyTime - The default is '20m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUtilizationThreshold: - description: ScaleDownUtilizationThreshold - The default - is '0.5'. - type: string - scanInterval: - description: ScanInterval - How often cluster is reevaluated - for scale up or down. The default is '10s'. - pattern: ^(\d+)s$ - type: string - skipNodesWithLocalStorage: - description: SkipNodesWithLocalStorage - The default is - false. - enum: - - "true" - - "false" - type: string - skipNodesWithSystemPods: - description: SkipNodesWithSystemPods - The default is - true. - enum: - - "true" - - "false" - type: string - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. 
- - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - disableLocalAccounts: - description: DisableLocalAccounts disables getting static - credentials for this cluster when set. Expected to only - be used for AAD clusters. - type: boolean - dnsServiceIP: - description: |- - DNSServiceIP is an IP address assigned to the Kubernetes DNS service. - It must be within the Kubernetes service address range specified in serviceCidr. - Immutable. - type: string - enablePreviewFeatures: - description: EnablePreviewFeatures enables preview features - for the cluster. - type: boolean - extensions: - description: Extensions is a list of AKS extensions to be - installed on the cluster. - items: - description: |- - AKSExtension represents the configuration for an AKS cluster extension. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions - properties: - aksAssignedIdentityType: - description: AKSAssignedIdentityType is the type of - the AKS assigned identity. - enum: - - SystemAssigned - - UserAssigned - type: string - autoUpgradeMinorVersion: - default: true - description: AutoUpgradeMinorVersion is a flag to note - if this extension participates in auto upgrade of - minor version, or not. - type: boolean - configurationSettings: - additionalProperties: - type: string - description: ConfigurationSettings are the name-value - pairs for configuring this extension. - type: object - extensionType: - description: |- - ExtensionType is the type of the Extension of which this resource is an instance. - It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. - type: string - identity: - description: Identity is the identity type of the Extension - resource in an AKS cluster. - enum: - - SystemAssigned - type: string - name: - description: Name is the name of the extension. 
- type: string - plan: - description: Plan is the plan of the extension. - properties: - name: - description: Name is the user-defined name of the - 3rd Party Artifact that is being procured. - type: string - product: - description: Product is the name of the 3rd Party - artifact that is being procured. - type: string - promotionCode: - description: PromotionCode is a publisher-provided - promotion code as provisioned in Data Market for - the said product/artifact. - type: string - publisher: - description: Publisher is the name of the publisher - of the 3rd Party Artifact that is being bought. - type: string - version: - description: Version is the version of the plan. - type: string - type: object - releaseTrain: - description: |- - ReleaseTrain is the release train this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - This is only used if autoUpgradeMinorVersion is ‘true’. - type: string - scope: - description: Scope is the scope at which this extension - is enabled. - properties: - releaseNamespace: - description: |- - ReleaseNamespace is the namespace where the extension Release must be placed, for a Cluster-scoped extension. - Required for Cluster-scoped extensions. - type: string - scopeType: - description: ScopeType is the scope of the extension. - It can be either Cluster or Namespace, but not - both. - enum: - - Cluster - - Namespace - type: string - targetNamespace: - description: |- - TargetNamespace is the namespace where the extension will be created for a Namespace-scoped extension. - Required for Namespace-scoped extensions. - type: string - required: - - scopeType - type: object - version: - description: Version is the version of the extension. - type: string - required: - - extensionType - - name - type: object - type: array - fleetsMember: - description: |- - FleetsMember is the spec for the fleet this cluster is a member of. - See also [AKS doc]. 
- - - [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members - properties: - group: - description: Group is the group this member belongs to - for multi-cluster update management. - type: string - managerName: - description: ManagerName is the name of the fleet manager. - type: string - managerResourceGroup: - description: ManagerResourceGroup is the resource group - of the fleet manager. - type: string - required: - - managerName - - managerResourceGroup - type: object - httpProxyConfig: - description: |- - HTTPProxyConfig is the HTTP proxy configuration for the cluster. - Immutable. - properties: - httpProxy: - description: HTTPProxy is the HTTP proxy server endpoint - to use. - type: string - httpsProxy: - description: HTTPSProxy is the HTTPS proxy server endpoint - to use. - type: string - noProxy: - description: NoProxy indicates the endpoints that should - not go through proxy. - items: - type: string - type: array - trustedCa: - description: TrustedCA is the alternative CA cert to use - for connecting to proxy servers. - type: string - type: object - identity: - description: Identity configuration used by the AKS control - plane. - properties: - type: - description: Type - The Identity type to use. - enum: - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentityResourceID: - description: UserAssignedIdentityResourceID - Identity - ARM resource ID when using user-assigned identity. - type: string - type: object - identityRef: - description: IdentityRef is a reference to a AzureClusterIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeletUserAssignedIdentity: - description: |- - KubeletUserAssignedIdentity is the user-assigned identity for kubelet. - For authentication with Azure Container Registry. - type: string - loadBalancerProfile: - description: LoadBalancerProfile is the profile of the cluster - load balancer. - properties: - allocatedOutboundPorts: - description: AllocatedOutboundPorts - Desired number of - allocated SNAT ports per VM. Allowed values must be - in the range of 0 to 64000 (inclusive). 
The default - value is 0 which results in Azure dynamically allocating - ports. - type: integer - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes - Desired outbound flow - idle timeout in minutes. Allowed values must be in the - range of 4 to 120 (inclusive). The default value is - 30 minutes. - type: integer - managedOutboundIPs: - description: ManagedOutboundIPs - Desired managed outbound - IPs for the cluster load balancer. - type: integer - outboundIPPrefixes: - description: OutboundIPPrefixes - Desired outbound IP - Prefix resources for the cluster load balancer. - items: - type: string - type: array - outboundIPs: - description: OutboundIPs - Desired outbound IP resources - for the cluster load balancer. - items: - type: string - type: array - type: object - loadBalancerSKU: - default: Standard - description: |- - LoadBalancerSKU is the SKU of the loadBalancer to be provisioned. - Immutable. - enum: - - Basic - - Standard - type: string - location: - description: 'Location is a string matching one of the canonical - Azure region names. Examples: "westus2", "eastus".' - type: string - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - For the AzureManagedControlPlaneTemplate, this field is used - only to fulfill the CAPI contract. - type: object - networkDataplane: - description: NetworkDataplane is the dataplane used for building - the Kubernetes network. - enum: - - azure - - cilium - type: string - networkPlugin: - description: NetworkPlugin used for building Kubernetes network. - enum: - - azure - - kubenet - - none - type: string - networkPluginMode: - description: |- - NetworkPluginMode is the mode the network plugin should use. - Allowed value is "overlay". - enum: - - overlay - type: string - networkPolicy: - description: NetworkPolicy used for building Kubernetes network. 
- enum: - - azure - - calico - - cilium - type: string - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile - of the Managed Cluster. - properties: - enabled: - description: Enabled is whether the OIDC issuer is enabled. - type: boolean - type: object - outboundType: - description: Outbound configuration used by Nodes. - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting - type: string - resourceGroupName: - description: |- - ResourceGroupName is the name of the Azure resource group for this AKS Cluster. - Immutable. - type: string - securityProfile: - description: SecurityProfile defines the security profile - for cluster. - properties: - azureKeyVaultKms: - description: AzureKeyVaultKms defines Azure Key Vault - Management Services Profile for the security profile. - properties: - enabled: - description: Enabled enables the Azure Key Vault key - management service. The default is false. - type: boolean - keyID: - description: |- - KeyID defines the Identifier of Azure Key Vault key. - When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. - type: string - keyVaultNetworkAccess: - default: Public - description: |- - KeyVaultNetworkAccess defines the network access of key vault. - The possible values are Public and Private. - Public means the key vault allows public access from all networks. - Private means the key vault disables public access and enables private link. The default value is Public. - type: string - keyVaultResourceID: - description: KeyVaultResourceID is the Resource ID - of key vault. When keyVaultNetworkAccess is Private, - this field is required and must be a valid resource - ID. - type: string - required: - - enabled - - keyID - type: object - defender: - description: Defender settings for the security profile. 
- properties: - logAnalyticsWorkspaceResourceID: - description: |- - LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. - type: string - securityMonitoring: - description: SecurityMonitoring profile defines the - Microsoft Defender threat detection for Cloud settings - for the security profile. - properties: - enabled: - description: Enabled enables Defender threat detection - type: boolean - required: - - enabled - type: object - required: - - logAnalyticsWorkspaceResourceID - - securityMonitoring - type: object - imageCleaner: - description: ImageCleaner settings for the security profile. - properties: - enabled: - description: Enabled enables the Image Cleaner on - AKS cluster. - type: boolean - intervalHours: - description: IntervalHours defines Image Cleaner scanning - interval in hours. Default value is 24 hours. - maximum: 2160 - minimum: 24 - type: integer - required: - - enabled - type: object - workloadIdentity: - description: Workloadidentity enables Kubernetes applications - to access Azure cloud resources securely with Azure - AD. Ensure to enable OIDC issuer while enabling Workload - Identity - properties: - enabled: - description: Enabled enables the workload identity. - type: boolean - required: - - enabled - type: object - type: object - sku: - description: SKU is the SKU of the AKS to be provisioned. - properties: - tier: - description: Tier - Tier of an AKS cluster. - enum: - - Free - - Paid - - Standard - type: string - required: - - tier - type: object - subscriptionID: - description: SubscriptionID is the GUID of the Azure subscription - that owns this cluster. - type: string - version: - description: Version defines the desired Kubernetes version. 
- minLength: 2 - type: string - virtualNetwork: - description: VirtualNetwork describes the virtual network - for the AKS cluster. It will be created if it does not already - exist. - properties: - cidrBlock: - type: string - name: - description: Name is the name of the virtual network. - type: string - resourceGroup: - description: ResourceGroup is the name of the Azure resource - group for the VNet and Subnet. - type: string - subnet: - description: ManagedControlPlaneSubnet describes a subnet - for an AKS cluster. - properties: - cidrBlock: - type: string - name: - type: string - privateEndpoints: - description: PrivateEndpoints is a slice of Virtual - Network private endpoints to create for the subnets. - items: - description: PrivateEndpointSpec configures an Azure - Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which the - private endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with - the private endpoint. - type: string - location: - description: Location specifies the region to - create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the - private endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. 
- items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) - of the group(s) obtained from the remote - resource that this private endpoint - should connect to. - items: - type: string - type: array - name: - description: Name specifies the name of - the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link - service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of the - remote resource with the private endpoint - connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure - Service Endpoint. 
- properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - cidrBlock - - name - type: object - required: - - cidrBlock - - name - type: object - required: - - identityRef - - location - - resourceGroupName - - version - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedMachinePoolTemplate - listKind: AzureManagedMachinePoolTemplateList - plural: azuremanagedmachinepooltemplates - shortNames: - - ammpt - singular: azuremanagedmachinepooltemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedMachinePoolTemplateSpec defines the desired state - of AzureManagedMachinePoolTemplate. - properties: - template: - description: AzureManagedMachinePoolTemplateResource describes the - data needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedMachinePoolTemplateResourceSpec specifies - an Azure managed control plane template resource. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the - Azure provider, in addition to the ones added by default. - type: object - asoManagedClustersAgentPoolPatches: - description: |- - ASOManagedClustersAgentPoolPatches defines JSON merge patches to be applied to the generated ASO ManagedClustersAgentPool resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - availabilityZones: - description: |- - AvailabilityZones - Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - Immutable. - items: - type: string - type: array - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost indicates whether host encryption is enabled on the node pool. - Immutable. - See also [AKS doc]. 
- - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS indicates whether FIPS is enabled on the node pool. - Immutable. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP controls whether or not nodes in the pool each have a public IP address. - Immutable. - type: boolean - enableUltraSSD: - description: |- - EnableUltraSSD enables the storage type UltraSSD_LRS for the agent pool. - Immutable. - type: boolean - kubeletConfig: - description: |- - KubeletConfig specifies the kubelet configurations for nodes. - Immutable. - properties: - allowedUnsafeSysctls: - description: |- - AllowedUnsafeSysctls - Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in `*`). - Valid values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or `net.*`. - items: - type: string - type: array - containerLogMaxFiles: - description: ContainerLogMaxFiles - The maximum number - of container log files that can be present for a container. - The number must be ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: ContainerLogMaxSizeMB - The maximum size - in MB of a container log file before it is rotated. - type: integer - cpuCfsQuota: - description: CPUCfsQuota - Enable CPU CFS quota enforcement - for containers that specify CPU limits. - type: boolean - cpuCfsQuotaPeriod: - description: |- - CPUCfsQuotaPeriod - Sets CPU CFS quota period value. - Must end in "ms", e.g. "100ms" - type: string - cpuManagerPolicy: - description: CPUManagerPolicy - CPU Manager policy to - use. - enum: - - none - - static - type: string - failSwapOn: - description: FailSwapOn - If set to true it will make - the Kubelet fail to start if swap is enabled on the - node. - type: boolean - imageGcHighThreshold: - description: |- - ImageGcHighThreshold - The percent of disk usage after which image garbage collection is always run. 
- Valid values are 0-100 (inclusive). - maximum: 100 - minimum: 0 - type: integer - imageGcLowThreshold: - description: |- - ImageGcLowThreshold - The percent of disk usage before which image garbage collection is never run. - Valid values are 0-100 (inclusive) and must be less than `imageGcHighThreshold`. - maximum: 100 - minimum: 0 - type: integer - podMaxPids: - description: |- - PodMaxPids - The maximum number of processes per pod. - Must not exceed kernel PID limit. -1 disables the limit. - minimum: -1 - type: integer - topologyManagerPolicy: - description: TopologyManagerPolicy - Topology Manager - policy to use. - enum: - - none - - best-effort - - restricted - - single-numa-node - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType specifies the kubelet disk type. Default to OS. Possible values include: 'OS', 'Temporary'. - Requires Microsoft.ContainerService/KubeletDisk preview feature to be set. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: |- - LinuxOSConfig specifies the custom Linux OS settings and configurations. - Immutable. - properties: - swapFileSizeMB: - description: |- - SwapFileSizeMB specifies size in MB of a swap file will be created on the agent nodes from this node pool. - Max value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). - Must be at least 1. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk - minimum: 1 - type: integer - sysctls: - description: Sysctl specifies the settings for Linux agent - nodes. - properties: - fsAioMaxNr: - description: |- - FsAioMaxNr specifies the maximum number of system-wide asynchronous io requests. - Valid values are 65536-6553500 (inclusive). - Maps to fs.aio-max-nr. 
- maximum: 6553500 - minimum: 65536 - type: integer - fsFileMax: - description: |- - FsFileMax specifies the max number of file-handles that the Linux kernel will allocate, by increasing increases the maximum number of open files permitted. - Valid values are 8192-12000500 (inclusive). - Maps to fs.file-max. - maximum: 12000500 - minimum: 8192 - type: integer - fsInotifyMaxUserWatches: - description: |- - FsInotifyMaxUserWatches specifies the number of file watches allowed by the system. Each watch is roughly 90 bytes on a 32-bit kernel, and roughly 160 bytes on a 64-bit kernel. - Valid values are 781250-2097152 (inclusive). - Maps to fs.inotify.max_user_watches. - maximum: 2097152 - minimum: 781250 - type: integer - fsNrOpen: - description: |- - FsNrOpen specifies the maximum number of file-handles a process can allocate. - Valid values are 8192-20000500 (inclusive). - Maps to fs.nr_open. - maximum: 20000500 - minimum: 8192 - type: integer - kernelThreadsMax: - description: |- - KernelThreadsMax specifies the maximum number of all threads that can be created. - Valid values are 20-513785 (inclusive). - Maps to kernel.threads-max. - maximum: 513785 - minimum: 20 - type: integer - netCoreNetdevMaxBacklog: - description: |- - NetCoreNetdevMaxBacklog specifies maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel can process them. - Valid values are 1000-3240000 (inclusive). - Maps to net.core.netdev_max_backlog. - maximum: 3240000 - minimum: 1000 - type: integer - netCoreOptmemMax: - description: |- - NetCoreOptmemMax specifies the maximum ancillary buffer size (option memory buffer) allowed per socket. - Socket option memory is used in a few cases to store extra structures relating to usage of the socket. - Valid values are 20480-4194304 (inclusive). - Maps to net.core.optmem_max. 
- maximum: 4194304 - minimum: 20480 - type: integer - netCoreRmemDefault: - description: |- - NetCoreRmemDefault specifies the default receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreRmemMax: - description: |- - NetCoreRmemMax specifies the maximum receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreSomaxconn: - description: |- - NetCoreSomaxconn specifies maximum number of connection requests that can be queued for any given listening socket. - An upper limit for the value of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) function. - If the backlog argument is greater than the somaxconn, then it's silently truncated to this limit. - Valid values are 4096-3240000 (inclusive). - Maps to net.core.somaxconn. - maximum: 3240000 - minimum: 4096 - type: integer - netCoreWmemDefault: - description: |- - NetCoreWmemDefault specifies the default send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreWmemMax: - description: |- - NetCoreWmemMax specifies the maximum send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netIpv4IPLocalPortRange: - description: |- - NetIpv4IPLocalPortRange is used by TCP and UDP traffic to choose the local port on the agent node. - PortRange should be specified in the format "first last". - First, being an integer, must be between [1024 - 60999]. - Last, being an integer, must be between [32768 - 65000]. - Maps to net.ipv4.ip_local_port_range. 
- type: string - netIpv4NeighDefaultGcThresh1: - description: |- - NetIpv4NeighDefaultGcThresh1 specifies the minimum number of entries that may be in the ARP cache. - Garbage collection won't be triggered if the number of entries is below this setting. - Valid values are 128-80000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh1. - maximum: 80000 - minimum: 128 - type: integer - netIpv4NeighDefaultGcThresh2: - description: |- - NetIpv4NeighDefaultGcThresh2 specifies soft maximum number of entries that may be in the ARP cache. - ARP garbage collection will be triggered about 5 seconds after reaching this soft maximum. - Valid values are 512-90000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh2. - maximum: 90000 - minimum: 512 - type: integer - netIpv4NeighDefaultGcThresh3: - description: |- - NetIpv4NeighDefaultGcThresh3 specified hard maximum number of entries in the ARP cache. - Valid values are 1024-100000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh3. - maximum: 100000 - minimum: 1024 - type: integer - netIpv4TCPFinTimeout: - description: |- - NetIpv4TCPFinTimeout specifies the length of time an orphaned connection will remain in the FIN_WAIT_2 state before it's aborted at the local end. - Valid values are 5-120 (inclusive). - Maps to net.ipv4.tcp_fin_timeout. - maximum: 120 - minimum: 5 - type: integer - netIpv4TCPKeepaliveProbes: - description: |- - NetIpv4TCPKeepaliveProbes specifies the number of keepalive probes TCP sends out, until it decides the connection is broken. - Valid values are 1-15 (inclusive). - Maps to net.ipv4.tcp_keepalive_probes. - maximum: 15 - minimum: 1 - type: integer - netIpv4TCPKeepaliveTime: - description: |- - NetIpv4TCPKeepaliveTime specifies the rate at which TCP sends out a keepalive message when keepalive is enabled. - Valid values are 30-432000 (inclusive). - Maps to net.ipv4.tcp_keepalive_time. 
- maximum: 432000 - minimum: 30 - type: integer - netIpv4TCPMaxSynBacklog: - description: |- - NetIpv4TCPMaxSynBacklog specifies the maximum number of queued connection requests that have still not received an acknowledgment from the connecting client. - If this number is exceeded, the kernel will begin dropping requests. - Valid values are 128-3240000 (inclusive). - Maps to net.ipv4.tcp_max_syn_backlog. - maximum: 3240000 - minimum: 128 - type: integer - netIpv4TCPMaxTwBuckets: - description: |- - NetIpv4TCPMaxTwBuckets specifies maximal number of timewait sockets held by system simultaneously. - If this number is exceeded, time-wait socket is immediately destroyed and warning is printed. - Valid values are 8000-1440000 (inclusive). - Maps to net.ipv4.tcp_max_tw_buckets. - maximum: 1440000 - minimum: 8000 - type: integer - netIpv4TCPTwReuse: - description: |- - NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT sockets for new connections when it's safe from protocol viewpoint. - Maps to net.ipv4.tcp_tw_reuse. - type: boolean - netIpv4TCPkeepaliveIntvl: - description: |- - NetIpv4TCPkeepaliveIntvl specifies the frequency of the probes sent out. - Multiplied by tcpKeepaliveprobes, it makes up the time to kill a connection that isn't responding, after probes started. - Valid values are 1-75 (inclusive). - Maps to net.ipv4.tcp_keepalive_intvl. - maximum: 75 - minimum: 1 - type: integer - netNetfilterNfConntrackBuckets: - description: |- - NetNetfilterNfConntrackBuckets specifies the size of hash table used by nf_conntrack module to record the established connection record of the TCP protocol. - Valid values are 65536-147456 (inclusive). - Maps to net.netfilter.nf_conntrack_buckets. - maximum: 147456 - minimum: 65536 - type: integer - netNetfilterNfConntrackMax: - description: |- - NetNetfilterNfConntrackMax specifies the maximum number of connections supported by the nf_conntrack module or the size of connection tracking table. 
- Valid values are 131072-1048576 (inclusive). - Maps to net.netfilter.nf_conntrack_max. - maximum: 1048576 - minimum: 131072 - type: integer - vmMaxMapCount: - description: |- - VMMaxMapCount specifies the maximum number of memory map areas a process may have. - Maps to vm.max_map_count. - Valid values are 65530-262144 (inclusive). - maximum: 262144 - minimum: 65530 - type: integer - vmSwappiness: - description: |- - VMSwappiness specifies aggressiveness of the kernel in swapping memory pages. - Higher values will increase aggressiveness, lower values decrease the amount of swap. - Valid values are 0-100 (inclusive). - Maps to vm.swappiness. - maximum: 100 - minimum: 0 - type: integer - vmVfsCachePressure: - description: |- - VMVfsCachePressure specifies the percentage value that controls tendency of the kernel to reclaim the memory, which is used for caching of directory and inode objects. - Valid values are 1-500 (inclusive). - Maps to vm.vfs_cache_pressure. - maximum: 500 - minimum: 1 - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag specifies whether the kernel should make aggressive use of memory compaction to make more hugepages available. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - defer - - defer+madvise - - madvise - - never - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled specifies various modes of Transparent Hugepages. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - madvise - - never - type: string - type: object - maxPods: - description: |- - MaxPods specifies the kubelet `--max-pods` configuration for the node pool. - Immutable. - See also [AKS doc], [K8s doc]. 
- - - [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters - [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ - type: integer - mode: - description: 'Mode represents the mode of an agent pool. Possible - values include: System, User.' - enum: - - System - - User - type: string - name: - description: |- - Name is the name of the agent pool. If not specified, CAPZ uses the name of the CR as the agent pool name. - Immutable. - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - Node labels represent the labels for all of the nodes present in node pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID specifies the public IP prefix resource ID which VM nodes should use IPs from. - Immutable. - type: string - osDiskSizeGB: - description: |- - OSDiskSizeGB is the disk size for every machine in this agent pool. - If you specify 0, it will apply the default osDisk size according to the vmSize specified. - Immutable. - type: integer - osDiskType: - default: Managed - description: |- - OsDiskType specifies the OS disk type for each node in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os - enum: - - Ephemeral - - Managed - type: string - osType: - description: |- - OSType specifies the virtual machine operating system. Default to Linux. Possible values include: 'Linux', 'Windows'. - 'Windows' requires the AzureManagedControlPlane's `spec.networkPlugin` to be `azure`. - Immutable. - See also [AKS doc]. 
- - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype - enum: - - Linux - - Windows - type: string - scaleDownMode: - default: Delete - description: 'ScaleDownMode affects the cluster autoscaler - behavior. Default to Delete. Possible values include: ''Deallocate'', - ''Delete''' - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: |- - ScaleSetPriority specifies the ScaleSetPriority value. Default to Regular. Possible values include: 'Regular', 'Spot' - Immutable. - enum: - - Regular - - Spot - type: string - scaling: - description: Scaling specifies the autoscaling parameters - for the node pool. - properties: - maxSize: - description: MaxSize is the maximum number of nodes for - auto-scaling. - type: integer - minSize: - description: MinSize is the minimum number of nodes for - auto-scaling. - type: integer - type: object - sku: - description: |- - SKU is the size of the VMs in the node pool. - Immutable. - type: string - spotMaxPrice: - anyOf: - - type: integer - - type: string - description: |- - SpotMaxPrice defines max price to pay for spot instance. Possible values are any decimal value greater than zero or -1. - If you set the max price to be -1, the VM won't be evicted based on price. The price for the VM will be the current price - for spot or the price for a standard VM, which ever is less, as long as there's capacity and quota available. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - subnetName: - description: |- - SubnetName specifies the Subnet where the MachinePool will be placed - Immutable. - type: string - taints: - description: |- - Taints specifies the taints for nodes present in this agent pool. - See also [AKS doc]. 
- - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints - items: - description: Taint represents a Kubernetes taint. - properties: - effect: - description: Effect specifies the effect for the taint - enum: - - NoSchedule - - NoExecute - - PreferNoSchedule - type: string - key: - description: Key is the key of the taint - type: string - value: - description: Value is the value of the taint - type: string - required: - - effect - - key - - value - type: object - type: array - required: - - mode - - sku - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedclusters.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: AzureASOManagedCluster - listKind: AzureASOManagedClusterList - plural: azureasomanagedclusters - singular: azureasomanagedcluster - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedCluster is the Schema for the azureasomanagedclusters - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedClusterSpec defines the desired state of AzureASOManagedCluster. - properties: - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint is the location of the API server within the control plane. CAPZ manages this field - and it should not be set by the user. It fulfills Cluster API's cluster infrastructure provider contract. - Because this field is programmatically set by CAPZ after resource creation, we define it as +optional - in the API schema to permit resource admission. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - resources: - description: Resources are embedded ASO resources to be managed by - this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - status: - description: AzureASOManagedClusterStatus defines the observed state of - AzureASOManagedCluster. - properties: - ready: - description: |- - Ready represents whether or not the cluster has been provisioned and is ready. It fulfills Cluster - API's cluster infrastructure provider contract. - type: boolean - resources: - items: - description: ResourceStatus represents the status of a resource. 
- properties: - ready: - type: boolean - resource: - description: StatusResource is a handle to a resource. - properties: - group: - type: string - kind: - type: string - name: - type: string - version: - type: string - required: - - group - - kind - - name - - version - type: object - required: - - ready - - resource - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedclustertemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: AzureASOManagedClusterTemplate - listKind: AzureASOManagedClusterTemplateList - plural: azureasomanagedclustertemplates - singular: azureasomanagedclustertemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedClusterTemplate is the Schema for the azureasomanagedclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedClusterTemplateSpec defines the desired state - of AzureASOManagedClusterTemplate. - properties: - template: - description: AzureASOManagedClusterTemplateResource defines the templated - resource. - properties: - spec: - description: AzureASOManagedClusterTemplateResourceSpec defines - the desired state of the templated resource. - properties: - resources: - description: Resources are embedded ASO resources to be managed - by this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedcontrolplanes.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: 
AzureASOManagedControlPlane - listKind: AzureASOManagedControlPlaneList - plural: azureasomanagedcontrolplanes - singular: azureasomanagedcontrolplane - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedControlPlane is the Schema for the azureasomanagedcontrolplanes - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedControlPlaneSpec defines the desired state - of AzureASOManagedControlPlane. - properties: - resources: - description: Resources are embedded ASO resources to be managed by - this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - version: - description: |- - Version is the Kubernetes version of the control plane. It fulfills Cluster API's control plane - provider contract. - type: string - type: object - status: - description: AzureASOManagedControlPlaneStatus defines the observed state - of AzureASOManagedControlPlane. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint for the - cluster's API server. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. 
- format: int32 - type: integer - required: - - host - - port - type: object - initialized: - description: |- - Initialized represents whether or not the API server has been provisioned. It fulfills Cluster API's - control plane provider contract. For AKS, this is equivalent to `ready`. - type: boolean - ready: - description: |- - Ready represents whether or not the API server is ready to receive requests. It fulfills Cluster API's - control plane provider contract. For AKS, this is equivalent to `initialized`. - type: boolean - resources: - items: - description: ResourceStatus represents the status of a resource. - properties: - ready: - type: boolean - resource: - description: StatusResource is a handle to a resource. - properties: - group: - type: string - kind: - type: string - name: - type: string - version: - type: string - required: - - group - - kind - - name - - version - type: object - required: - - ready - - resource - type: object - type: array - version: - description: |- - Version is the observed Kubernetes version of the control plane. It fulfills Cluster API's control - plane provider contract. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: AzureASOManagedControlPlaneTemplate - listKind: AzureASOManagedControlPlaneTemplateList - plural: azureasomanagedcontrolplanetemplates - singular: azureasomanagedcontrolplanetemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedControlPlaneTemplate is the Schema for the azureasomanagedcontrolplanetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedControlPlaneTemplateSpec defines the desired - state of AzureASOManagedControlPlane. - properties: - template: - description: AzureASOManagedControlPlaneResource defines the templated - resource. - properties: - spec: - description: AzureASOManagedControlPlaneTemplateResourceSpec defines - the desired state of the templated resource. - properties: - resources: - description: Resources are embedded ASO resources to be managed - by this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - version: - description: |- - Version is the Kubernetes version of the control plane. It fulfills Cluster API's control plane - provider contract. - type: string - type: object - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedmachinepools.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: AzureASOManagedMachinePool - listKind: AzureASOManagedMachinePoolList - plural: azureasomanagedmachinepools - singular: azureasomanagedmachinepool - scope: Namespaced - versions: - - name: 
v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedMachinePool is the Schema for the azureasomanagedmachinepools - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedMachinePoolSpec defines the desired state - of AzureASOManagedMachinePool. - properties: - providerIDList: - description: |- - ProviderIDList is the list of cloud provider IDs for the instances. It fulfills Cluster API's machine - pool infrastructure provider contract. - items: - type: string - type: array - resources: - description: Resources are embedded ASO resources to be managed by - this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - status: - description: AzureASOManagedMachinePoolStatus defines the observed state - of AzureASOManagedMachinePool. - properties: - ready: - description: |- - Ready represents whether or not the infrastructure is ready to be used. It fulfills Cluster API's - machine pool infrastructure provider contract. - type: boolean - replicas: - description: |- - Replicas is the current number of provisioned replicas. It fulfills Cluster API's machine pool - infrastructure provider contract. 
- format: int32 - type: integer - resources: - items: - description: ResourceStatus represents the status of a resource. - properties: - ready: - type: boolean - resource: - description: StatusResource is a handle to a resource. - properties: - group: - type: string - kind: - type: string - name: - type: string - version: - type: string - required: - - group - - kind - - name - - version - type: object - required: - - ready - - resource - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - cluster.x-k8s.io/v1beta1: v1alpha1 - clusterctl.cluster.x-k8s.io: "" - name: azureasomanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io - spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: AzureASOManagedMachinePoolTemplate - listKind: AzureASOManagedMachinePoolTemplateList - plural: azureasomanagedmachinepooltemplates - singular: azureasomanagedmachinepooltemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AzureASOManagedMachinePoolTemplate is the Schema for the azureasomanagedmachinepooltemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureASOManagedMachinePoolTemplateSpec defines the desired - state of AzureASOManagedMachinePoolTemplate. - properties: - template: - description: AzureASOManagedControlPlaneResource defines the templated - resource. - properties: - spec: - description: AzureASOManagedControlPlaneTemplateResourceSpec defines - the desired state of the templated resource. - properties: - resources: - description: Resources are embedded ASO resources to be managed - by this resource. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - version: - description: |- - Version is the Kubernetes version of the control plane. It fulfills Cluster API's control plane - provider contract. 
- type: string - type: object - type: object - required: - - template - type: object - type: object - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - labels: - cluster.x-k8s.io/aggregate-to-capz-manager: "true" - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-base-manager-role - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - kubeadmconfigs - - kubeadmconfigs/status - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - create - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - verbs: - - get - - list - - patch - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - verbs: - - create - - apiGroups: - - cluster.x-k8s.io - resources: - - machinepools - - machinepools/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/status - verbs: - - delete - - get - - list - - watch - - apiGroups: 
- - containerservice.azure.com - resources: - - fleetsmembers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - containerservice.azure.com - resources: - - fleetsmembers/status - verbs: - - get - - list - - watch - - apiGroups: - - containerservice.azure.com - resources: - - managedclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - containerservice.azure.com - resources: - - managedclusters/status - verbs: - - get - - list - - watch - - apiGroups: - - containerservice.azure.com - resources: - - managedclustersagentpools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - containerservice.azure.com - resources: - - managedclustersagentpools/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters/finalizers - verbs: - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedclusters/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedcontrolplanes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedcontrolplanes/finalizers - verbs: - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedcontrolplanes/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedmachinepools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - 
infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedmachinepools/finalizers - verbs: - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureasomanagedmachinepools/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureclusteridentities - - azureclusteridentities/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azureclusters/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachinepoolmachines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachinepoolmachines/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachinepools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachinepools/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachines/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremachinetemplates - - azuremachinetemplates/status - verbs: - - get - - list - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - 
infrastructure.cluster.x-k8s.io - resources: - - azuremanagedclusters/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedcontrolplanes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedcontrolplanes/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedmachinepools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedmachinepools/status - verbs: - - get - - patch - - update - - apiGroups: - - kubernetesconfiguration.azure.com - resources: - - extensions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - kubernetesconfiguration.azure.com - resources: - - extensions/status - verbs: - - get - - list - - watch - - apiGroups: - - network.azure.com - resources: - - bastionhosts - - natgateways - - privateendpoints - - virtualnetworks - - virtualnetworkssubnets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - network.azure.com - resources: - - bastionhosts/status - - natgateways/status - - privateendpoints/status - - virtualnetworks/status - - virtualnetworkssubnets/status - verbs: - - get - - list - - watch - - apiGroups: - - network.azure.com - resources: - - privateendpoints - - virtualnetworks - - virtualnetworkssubnets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - network.azure.com - resources: - - privateendpoints/status - - virtualnetworks/status - - virtualnetworkssubnets/status - verbs: - - get - - list - - watch - - apiGroups: - - resources.azure.com - resources: - - resourcegroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - 
apiGroups: - - resources.azure.com - resources: - - resourcegroups/status - verbs: - - get - - list - - watch - --- - aggregationRule: - clusterRoleSelectors: - - matchLabels: - cluster.x-k8s.io/aggregate-to-capz-manager: "true" - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-manager-role - rules: [] - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capz-manager-role - subjects: - - kind: ServiceAccount - name: capz-manager - namespace: openshift-cluster-api - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-manager - namespace: openshift-cluster-api - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: 
- annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-leader-election-role - namespace: openshift-cluster-api - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - annotations: - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-leader-election-rolebinding - namespace: openshift-cluster-api - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capz-leader-election-role - subjects: - - kind: ServiceAccount - name: capz-manager - namespace: openshift-cluster-api - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - control-plane: capz-controller-manager - name: capz-controller-manager - namespace: openshift-cluster-api - spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: infrastructure-azure - control-plane: capz-controller-manager - strategy: {} - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - target.workload.openshift.io/management: 
'{"effect": "PreferredDuringScheduling"}' - creationTimestamp: null - labels: - azure.workload.identity/use: "true" - cluster.x-k8s.io/provider: infrastructure-azure - control-plane: capz-controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} - - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=false - - --v=0 - env: - - name: AZURE_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: azure_subscription_id - name: capz-manager-bootstrap-credentials - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: to.be/replaced:v99 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - mountPath: /var/run/secrets/azure/tokens - name: azure-identity-token - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capz-manager - terminationGracePeriodSeconds: 10 - 
tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: capz-webhook-service-cert - - name: azure-identity-token - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: api://AzureADTokenExchange - expirationSeconds: 3600 - path: azure-identity-token - status: {} - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine - failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachine.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachines - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinetemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: 
/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane - failurePolicy: Fail - name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedcontrolplanes - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate - failurePolicy: Fail - name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedcontrolplanetemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedmachinepools - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate - failurePolicy: Fail - name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedmachinepooltemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - 
service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool - failurePolicy: Fail - name: default.azuremachinepool.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinepools - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - service.beta.openshift.io/inject-cabundle: "true" - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-azureasomanagedcontrolplane - failurePolicy: Fail - name: validation.azureasomanagedcontrolplane.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - resources: - - azureasomanagedcontrolplanes - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-azureasomanagedmachinepool - failurePolicy: Fail - name: validation.azureasomanagedmachinepool.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - resources: - - azureasomanagedmachinepools - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine - failurePolicy: Fail 
- matchPolicy: Equivalent - name: validation.azuremachine.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachines - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinetemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane - failurePolicy: Fail - name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedcontrolplanes - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate - failurePolicy: Fail - name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremanagedcontrolplanetemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - azuremanagedmachinepools - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate - failurePolicy: Fail - name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - azuremanagedmachinepooltemplates - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine - failurePolicy: Fail - name: azuremachinepoolmachine.kb.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinepoolmachines - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capz-webhook-service - namespace: openshift-cluster-api - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool - failurePolicy: Fail - name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinepools - sideEffects: None - --- - apiVersion: v1 - kind: Service - metadata: - annotations: - 
exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade,TechPreviewNoUpgrade - service.beta.openshift.io/serving-cert-secret-name: capz-webhook-service-cert - labels: - cluster.x-k8s.io/provider: infrastructure-azure - clusterctl.cluster.x-k8s.io: "" - name: capz-webhook-service - namespace: openshift-cluster-api - spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: infrastructure-azure - --- - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: ValidatingAdmissionPolicy - metadata: - name: openshift-cluster-api-protect-azurecluster - spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - '*' - operations: - - DELETE - resources: - - azureclusters - paramKind: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - validations: - - expression: '!(oldObject.metadata.name == params.status.infrastructureName)' - message: InfraCluster resources with metadata.name corresponding to the cluster - infrastructureName cannot be deleted. - --- - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: ValidatingAdmissionPolicyBinding - metadata: - name: openshift-cluster-api-protect-azurecluster - spec: - matchResources: - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift-cluster-api - paramRef: - name: cluster - parameterNotFoundAction: Deny - policyName: openshift-cluster-api-protect-azurecluster - validationActions: - - Deny metadata: | # maps release series of major.minor to cluster-api contract version # the contract version may change between minor or major versions, but *not* diff --git a/openshift/patches/aso-disable-crds.yaml b/openshift/patches/aso-disable-crds.yaml new file mode 100644 index 00000000000..7baaa7e7a9c 
--- /dev/null
+++ b/openshift/patches/aso-disable-crds.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: azureserviceoperator-controller-manager
+ namespace: azureserviceoperator-system # This patch is processed before manifests-gen updates the namespace
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - --metrics-addr=:8080
+ - --health-addr=:8081
+ - --enable-leader-election
+ - --v=2
+ - --crd-management=none
+ - --webhook-port=9443
+ - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs
diff --git a/openshift/patches/disable-aso.yaml b/openshift/patches/disable-aso.yaml
deleted file mode 100644
index fe73c8782a9..00000000000
--- a/openshift/patches/disable-aso.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-$patch: delete
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: azureserviceoperator-controller-manager
- namespace: azureserviceoperator-system # This patch is processed before manifests-gen updates the namespace
diff --git a/openshift/patches/turn-off-aso-api.yaml b/openshift/patches/turn-off-aso-api.yaml
deleted file mode 100644
index f065980e7a7..00000000000
--- a/openshift/patches/turn-off-aso-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager # Name and namespace here are before any OpenShift modifications
- namespace: system
-spec:
- template:
- spec:
- containers:
- - name: manager
- args:
- - --leader-elect
- - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443}
- - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false}
- - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=false
- - --v=0
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go b/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go
index df51baa4d4c..5403d369d39 100644
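Review bot: The new `aso-disable-crds.yaml` patch restates the manager container's entire `args` list, and nothing in the file says which flag is the actual change. `args` is a list of plain strings, so if this is applied as a strategic-merge patch (as the file layout suggests) the list is replaced as a whole, and any argument the upstream ASO Deployment adds or changes later is silently dropped from the OpenShift manifests. I would add a comment above `args:` such as `# args is replaced wholesale by this patch; the intended override is --crd-management=none, keep the remaining flags in sync with the upstream ASO Deployment`. With CRD management turned off it is also worth checking whether the regenerated ASO ClusterRole still needs write verbs on `customresourcedefinitions`; that role is not visible in this hunk.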
--- a/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go +++ b/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go @@ -1,5 +1,9 @@ /* +<<<<<<<< HEAD:vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go Copyright The Kubernetes Authors. +======== +Copyright 2024 The Kubernetes Authors. +>>>>>>>> ba005f8df (UPSTREAM: : Vendor manifests-gen deps):openshift/tools/vendor/k8s.io/api/storagemigration/v1alpha1/doc.go Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +18,17 @@ See the License for the specific language governing permissions and limitations under the License. */ +<<<<<<<< HEAD:vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/doc.go // Code generated by client-gen. DO NOT EDIT. // This package has the automatically generated typed clients. package v1alpha1 +======== +// +k8s:deepcopy-gen=package +// +k8s:protobuf-gen=package +// +k8s:openapi-gen=true +// +k8s:prerelease-lifecycle-gen=true +// +groupName=storagemigration.k8s.io + +package v1alpha1 // import "k8s.io/api/storagemigration/v1alpha1" +>>>>>>>> ba005f8df (UPSTREAM: : Vendor manifests-gen deps):openshift/tools/vendor/k8s.io/api/storagemigration/v1alpha1/doc.go diff --git a/vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go b/vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go index 81c65d7f34d..863ec06022f 100644 --- a/vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go +++ b/vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go 
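Review bot: Both hunks of this vendored `doc.go` add unresolved conflict markers (`<<<<<<<< HEAD:…`, `========`, `>>>>>>>> ba005f8df …`) together with the other side of the conflict. The markers in the second hunk sit outside the license comment and bring in a second `package v1alpha1` clause, so the file can no longer parse as Go, and the vendored copy no longer matches the upstream module it claims to mirror. The same pattern appears in the two hunks of `vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go`, where a `package v1alpha1` clause and `type StorageVersionMigrationExpansion interface{}` from a different file land in a `v1beta1` package. Both files should be dropped from this commit and the vendor tree regenerated with `go mod vendor` rather than edited by hand.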
@@ -1,5 +1,9 @@ /* +<<<<<<<< HEAD:vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go Copyright 2022 The Kubernetes Authors. +======== +Copyright The Kubernetes Authors. +>>>>>>>> ba005f8df (UPSTREAM: : Vendor manifests-gen deps):openshift/tools/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/generated_expansion.go Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,5 +18,13 @@ See the License for the specific language governing permissions and limitations under the License. */ +<<<<<<<< HEAD:vendor/sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1/doc.go // Package v1beta1 contains API Schema definitions for the v1beta1 IPAM API. package v1beta1 +======== +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type StorageVersionMigrationExpansion interface{} +>>>>>>>> ba005f8df (UPSTREAM: : Vendor manifests-gen deps):openshift/tools/vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/generated_expansion.go